CVE-2024-37885
published 2024-06-14CVE-2024-37885: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nextcloud-desktop | — | — |
| nextcloud | desktop | < 3.12.0 | 3.12.0 |
| nextcloud | security-advisories | < 3.12.0 | 3.12.0 |