CVE-2020-8140

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8140
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8140.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8140
Published
2020-03-20T21:15:17Z
Modified
2024-09-03T03:34:43.930619Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the environment.

References

Affected packages

Git / github.com/nextcloud/desktop

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.6.2-buildtest1

csync-0.*

csync-0.50.0

Other

e2e-tech-preview-1

v0.*

v0.0.2

v1.*

v1.1.0
v1.1.0-beta1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.3.0-beta4
v1.4.0
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.4.1
v1.5.0
v1.5.0-beta1
v1.5.0-beta1-2nd
v1.5.0-beta2
v1.5.0-beta3
v1.5.1
v1.5.1-rc1
v1.5.2
v1.5.3
v1.5.3-rc1
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.1-rc1
v1.6.2
v1.6.2-rc1
v1.6.2-rc2
v1.6.2-themefix
v1.7.0
v1.7.0-alpha1
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.7.0-beta4
v1.7.0-rc1
v1.7.0beta1
v1.7.0beta2
v1.7.1-beta1
v1.7.1-rc1
v1.8.0
v1.8.0-beta1
v1.8.0-beta1a
v1.8.0-beta2
v1.8.0-rc1
v1.8.0rc1
v1.8.1
v1.8.1-beta1
v1.8.1-rc1
v1.8.1-rc2
v1.8.2
v1.8.2-beta1
v1.8.2-rc1
v1.8.3
v1.8.3-rc1
v1.8.3-rc2
v1.8.3-rc3

v2.*

v2.0.0
v2.0.0-beta2
v2.0.0-rc2
v2.0.1
v2.0.2
v2.0.2-oem
v2.0.2-rc1
v2.0.2-rc2
v2.5.0
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-rc1
v2.5.0-rc2
v2.5.1
v2.5.2
v2.5.2-rc1
v2.5.3-rc1
v2.5.3-rc2
v2.6.0-fix1
v2.6.1
v2.6.1-rc1
v2.6.2
v2.6.2-rc1