Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-24
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.
Products | Minetime |
Type | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) |
First patch | - None (likely due to unavailable code) |
Links |
• https://minetime.ai
• https://github.com/theart42/cves/blob/master/cve-2020-24364/CVE-2020-24364.md |