CVE-2024-21625
CVSS V2 None
CVSS V3 None
Description
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.
Overview
- CVE ID
- CVE-2024-21625
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-04T14:48:34.782Z
- Last Modified Date
- 2024-01-04T14:48:34.782Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7 | x_refsource_CONFIRM |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21625 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21625 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 15:22:29 | Added to TrackCVE |