Fluid Attacks Database

Description

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	nextcloud-desktop	>=0 <3.0.1-1	3.0.1-1
debian 11	nextcloud-desktop	>=0 <3.0.1-1	3.0.1-1
debian 13	nextcloud-desktop	>=0 <3.0.1-1	3.0.1-1
debian 12	nextcloud-desktop	>=0 <3.0.1-1	3.0.1-1

Aliases

1. CVE-2020-82272. NVD-2020-82273. OSV-DEBIAN-2020-82274. OSV-2020-82275. SECURITY-TRACKER-CVE-2020-8227

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.