Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Calendar attachments of local files are offered to downloaded
Vulnerability Description
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
非预期数据类型处理不恰当
Vulnerability Title
Nextcloud Calendar 安全漏洞
Vulnerability Description
Nextcloud Calendar是Nextcloud开源的一个日历应用程序。 Nextcloud Calendar 4.7.17之前版本和5.2.4之前版本存在安全漏洞,该漏洞源于恶意用户可创建特制附件,可能导致文件被自动下载。
CVSS Information
N/A
Vulnerability Type
N/A