Server-Side Request Forgery Vulnerability CVE-2021-34425 for Zoom Client
Description
The Zoom Client for Meetings before version 5.7.3 for Windows contain a server side request forgery vulnerability in the chat link preview functionality. In versions prior to 5.7.3, if a user were to enable the chat link preview feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.
Affected Applications
Zoom