CVE-2024-44080

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format.

jitsi/jitsi-meet
jitsi/jitsi-meet
Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
GitHubGitHub
29.5K
jitsi/security-advisories
jitsi/security-advisories
Security Advisories for the Jitsi projects
GitHubGitHub
13