WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

attacker call code code execution electron function http https machine malicious malicious urls protocol protocols resource shell sync url urls victim vulnerability