URL injection in Druva inSync 6.9.0 for macOS allows malicious users to force a visit to an arbitrary URL via the port parameter to the Electron app.
Druva inSync client
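One way to guard against this class of bug, as an added example that is not Druva's code. It assumes, hypothetically, that the app turns a caller-supplied port value into a URL for a loopback service; the host `127.0.0.1`, the helper names and the sample values are all assumptions.

```javascript
// Added example, not Druva inSync code. Assumption: the app builds a URL for
// a local service from a caller-supplied "port" value and then loads it.

const LOOPBACK_HOST = '127.0.0.1'; // assumed local endpoint

// Hypothetical helper: returns a loopback URL string, or throws if `port`
// is anything other than a plain decimal TCP port.
function buildLocalUrl(port) {
  const text = String(port);
  // Digits only: rejects '@', '/', '#', whitespace, signs, hex and so on.
  if (!/^[0-9]{1,5}$/.test(text)) {
    throw new TypeError('port must be 1-5 decimal digits');
  }
  const n = Number(text);
  if (n < 1 || n > 65535) {
    throw new RangeError('port out of range');
  }
  // Set components through the URL API instead of string concatenation.
  const url = new URL(`http://${LOOPBACK_HOST}/`);
  url.port = String(n);
  // Defence in depth: re-check what the parser actually produced.
  if (url.hostname !== LOOPBACK_HOST || url.username || url.password) {
    throw new Error('unexpected URL after parsing');
  }
  return url.href;
}

// Returns true when the value is accepted, false when it is rejected.
function isAcceptedPort(port) {
  try {
    buildLocalUrl(port);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs: one valid port, then values that contain URL
// delimiters or fall outside the TCP port range.
const samples = ['6061', '6061@example.test/', '6061/../x', '6061#frag', '0', '70000', ' 80'];
for (const s of samples) {
  console.log(JSON.stringify(s), isAcceptedPort(s) ? 'accepted' : 'rejected');
}
```

The same check belongs at every entry point that can reach the parameter (command-line arguments, custom URL scheme handlers, IPC messages), not only in the UI layer.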