CVE-2020-24619

Published September 22nd, 2020

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.

mltframework/shotcut

cross-platform (Qt), open-source (GPLv3) video editor

GitHub

14.2K