VYPR

inSync

by Druva

CVEs (2)

  • CVE-2021-36668HigJul 12, 2022
    risk 0.51cvss 7.8epss 0.01

    URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.

  • CVE-2021-36667HigJul 12, 2022
    risk 0.51cvss 7.8epss 0.02

    Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.