Mozilla Hubs Cloud vulnerabilities

CVE-2021-29979 [MEDIUM] CWE-79 CVE-2021-29979: Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow java Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634.

CVE-2021-29954 [CRITICAL] CWE-312 CVE-2021-29954: Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, incl Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.