PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host. NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pybitmessage | Bitmessage | * | 0.6.3.2 (including) |