In Code42 app prior to 8.8.0, eval injection allows an malicious user to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
code42 code42 |