CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:notable:notable:*:*:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta0:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:notable:notable:1.9.0:beta7:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-15 21:15

Updated : 2024-11-21 06:58


NVD link : CVE-2022-29281

Mitre link : CVE-2022-29281

CVE.ORG link : CVE-2022-29281


JSON object : View

Products Affected

notable

  • notable
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')