CVE-2020-25019

Published: Aug 29, 2020

Modified: Nov 17, 2025

PUBLISHED

Description

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14

https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0

https://security.stackexchange.com/questions/225799

https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md

https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25019

Description

Affected Products

References