Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Please stabilize 3.1.3.
Unable to check for sanity:
> no match for package: net-misc/nextcloud-desktop-3.1.3
All sanity-check issues have been resolved
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202105-37 at https://security.gentoo.org/glsa/202105-37
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.