CVE-2024-44080

CVE Database · CVE-2024-44080

CVE-2024-44080

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

0.52%

Published

Oct 29, 2024

Modified

Jul 10, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

8x8 · jitsi_meet (up to 2.0.9779)vulnerable

References (2)

https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673

Product

https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0002.md

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs