CVE-2020-25019

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25019

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25019.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25019

Aliases

GHSA-x4h8-fhrp-pm3p

Published

2020-08-29T17:15:11.297Z

Modified

2026-02-22T08:24:10.542416Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

References

Affected packages

Git / github.com/jitsi/jitsi-meet-electron

Affected ranges

Type: GIT
Repo: https://github.com/jitsi/jitsi-meet-electron
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

46bcc6fcf03fefc5b2ec3b546db592a070dd7374

Affected versions

v1.*

v1.0.0

v1.0.0-alpha.1

v1.0.0-alpha.2

v1.0.0-alpha.3

v1.1.0

v1.1.1

v2.*

v2.0.0

v2.0.0-beta1

v2.0.0-beta2

v2.0.0-beta3

v2.0.0-beta4

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.2.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25019.json"