ALT-PU-2020-2357-1
Package telegram-desktop updated to version 2.1.18-alt1 for branch p9 in task 254686.
Closed vulnerabilities
Published: 2020-08-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-17448
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- GLSA-202101-34
- GLSA-202101-34
- https://telegram.org
- https://telegram.org