Vulnerability Description
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loom | Loom | <= 0.16.0 |
Related Weaknesses (CWE)
References
- https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerab (Third Party Advisory)
- https://www.loom.com/blog/loom-desktop-application-security-fix/ (Vendor Advisory)
FAQ
What is CVE-2019-14432?
CVE-2019-14432 is a vulnerability with a CVSS score of 8.8 (HIGH). Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same netwo...
How severe is CVE-2019-14432?
CVE-2019-14432 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-14432?
Check the references section above for vendor advisories and patch information. Affected products include: Loom Loom.