CVE-2021-36668
N/A
N/A
Summary
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://druva.com
- https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before
- https://imhotepisinvisible.com/druva-lpe/
References
- https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before
- https://imhotepisinvisible.com/druva-lpe/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.