Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-24
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.
| Products | Minetime |
| Type | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://minetime.ai
• https://github.com/theart42/cves/blob/master/cve-2020-24364/CVE-2020-24364.md |