{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T22:42:56.072","vulnerabilities":[{"cve":{"id":"CVE-2024-21625","sourceIdentifier":"security-advisories@github.com","published":"2024-01-04T15:15:11.030","lastModified":"2024-11-21T08:54:45.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly."},{"lang":"es","value":"SideQuest es un lugar para conseguir aplicaciones de realidad virtual para Oculus Quest. La aplicación de escritorio SideQuest utiliza enlaces profundos con un protocolo personalizado (`sidequest://`) para activar acciones en la aplicación desde su contenido web. Debido a que, antes de la versión 0.10.35, las URL de los enlaces profundos no se sanitizaban adecuadamente en todos los casos, se puede lograr una ejecución remota de código con un solo clic en los casos en que cuando un dispositivo está conectado, al usuario se le presenta un enlace malicioso y hace clic en él. desde dentro de la aplicación. A partir de la versión 0.10.35, los enlaces de protocolo personalizados dentro de la aplicación electrónica ahora se analizan y sanitizan correctamente."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.35","matchCriteriaId":"48037EDB-FCDF-432F-A461-BBBE656927E6"}]}]}],"references":[{"url":"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}