Automatic Creation of Potentially Dangerous Links in KDE Discover

Automatic Creation of Potentially Dangerous Links in KDE Discover

CVE-2021-28117 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)

Learn more about our Web App Pen Testing.