Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024
Code injection in Nextcloud Desktop Client for macOS
CVE-2024-37885
Description
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.12.0
- nextcloud/security-advisoriesv5Range: < 3.12.0
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/desktop/pull/6378mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7mitrex_refsource_CONFIRM
- hackerone.com/reports/2307625mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.