Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Vulnerability Description
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
Deck 安全漏洞
Vulnerability Description
Deck是Nextcloud开源的一个看板风格的组织工具。旨在为与 Nextcloud 集成的团队进行个人规划和项目组织。 Deck 1.12.7之前版本、1.14.4之前版本和1.15.1之前版本存在安全漏洞,该漏洞源于文件扩展名可被伪造,可能导致用户下载恶意文件。
CVSS Information
N/A
Vulnerability Type
N/A