writeups.xyz / Allow arbitrary URLs, expect arbitrary code execution

Submitter : c2a

Date: 15 April 2021

Bounty : undisclosed

Vulnerabilities :

• RCE

Programs :

• NextCloud
• Telegram
• VLC

Authors :

• Fabian Bräunlein
• Lukas Euler

Link :
https://positive.security/blog/url-open-rce