When sharing a Deck card in a conversation, the metaData can be manipulated to open arbitrary URLs
Package
Talk (Nextcloud)
Affected versions
< 11.3.4, < 12.2.2, < 13.0.0
Patched versions
11.3.4, 12.2.2, 13.0.0
Impact
When sharing a Deck card in a conversation, the metaData can be manipulated so that users can be tricked into opening arbitrary URLs.
Patches
It is recommended that Nextcloud Talk is upgraded to 11.3.4, 12.2.2 or 13.0.0.
Workarounds
No workaround is available.
References
For more information
If you have any questions or comments about this advisory: