CVE-2021-44042: Critical severity UiPath vulnerability
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application.
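The root cause described above is missing output encoding of an untrusted value that ends up in an error message. The following is an added example, not UiPath's code: the function names, the message markup and the sample process name are hypothetical and constructed, and it shows the unencoded pattern beside an HTML-encoded one.

```javascript
// Added illustration; all names here are hypothetical, not taken from UiPath Assistant.

// Characters that change meaning in HTML text or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode an untrusted value for insertion into HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unencoded pattern: the untrusted process name is concatenated into markup,
// so any tags it contains become part of the page.
function renderErrorUnsafe(processName) {
  return `<div class="error">Process "${processName}" was not found.</div>`;
}

// Encoded pattern: the value is escaped before interpolation, so it is
// displayed as text. In a renderer with a DOM, assigning the value to
// element.textContent achieves the same without building HTML strings.
function renderErrorSafe(processName) {
  return `<div class="error">Process "${escapeHtml(processName)}" was not found.</div>`;
}

// Count HTML tags in a fragment; the wrapper <div>...</div> accounts for 2.
function countTags(html) {
  return (html.match(/<\/?[a-z][^>]*>/gi) || []).length;
}

// Constructed sample: a process name that does not exist and carries markup.
const SAMPLE_NAME = 'Invoice Bot<b>injected markup</b>';

console.log('unsafe tags:', countTags(renderErrorUnsafe(SAMPLE_NAME)));
console.log('safe tags:  ', countTags(renderErrorSafe(SAMPLE_NAME)));
```

A tag count above 2 in the rendered message means the supplied value was parsed as markup rather than shown as text.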
Frequently Asked Questions
What is the severity of CVE-2021-44042?
CVE-2021-44042 is classified as a medium severity vulnerability due to potential code injection risks.
How do I fix CVE-2021-44042?
To remediate CVE-2021-44042, ensure you update UiPath Assistant to the latest version that addresses this vulnerability.
What version of UiPath Assistant is affected by CVE-2021-44042?
CVE-2021-44042 specifically affects UiPath Assistant version 21.4.4.
What is the impact of CVE-2021-44042?
The impact of CVE-2021-44042 includes the potential for attacker-controlled content to be injected into error messages displayed by the application.
What should I look for to identify CVE-2021-44042 in my environment?
To identify CVE-2021-44042, check whether your environment is running UiPath Assistant version 21.4.4 and review any error messages that display user-controlled data.