CVE-2024-2045

Publication date

2024-02-29 23:37:37

Family

Fluid Attacks

State

PUBLISHED

Description

Session version 1.17.5 allows obtaining internal application files and public files from the users device without the users consent. This is possible because the application is vulnerable to Local File Read via chat attachments.