HIGH7.8
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://security.gentoo.org/glsa/202101-34
- https://telegram.org
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://security.gentoo.org/glsa/202101-34
- https://telegram.org