CVE-2019-14432
HIGH
Loom < 0.16.0 - Remote Code Execution via WebSocket Authentication Bypass
Title source: llm
Description
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html
Vendor Advisory x_refsource_confirm
https://www.loom.com/blog/loom-desktop-application-security-fix/
Scores
CVSS v3: 8.8
EPSS: 0.0228
EPSS Percentile: 80.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-287
Status: published
Products (1): loom/loom < 0.16.0
Published: Aug 07, 2019
Tracked Since: Feb 18, 2026