{"vulnerability": "CVE-2022-31246", "sightings": [{"uuid": "11e42f51-10f4-4f55-ad66-b03621ccd203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31246", "type": "seen", "source": "https://t.me/cibsecurity/44739", "content": "\u203c CVE-2022-31246 \u203c\n\npaymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T18:23:20.000000Z"}]}