CVE-2021-24030

EPSS 1.7%CWE-88

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.

Affected products

Facebook · Facebook Gameroom

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.facebook.com/security/advisories/cve-2021-24030