mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 18:27:17 +00:00
1.1 KiB
1.1 KiB
CVE-2023-46116
Description
Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the file: URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as ftp:, smb:, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue.
POC
Reference
Github
No PoCs found on GitHub currently.