0-day Report



1. RCE on Gather town desktop app

webPreferences: {
    preload: path_1["default"].join(__dirname, "./interop.js"),
    nativeWindowOpen: true,
    // We have to disable this to allow for window.require("electron"), but we may want to consider
    // taking a second look at this in the future. From:
    // "We recommend having contextIsolation enabled for the security of your application."
    contextIsolation: false, // <-----------
    nodeIntegration: true, // <-----------
    enableRemoteModule: true
},

if (IN_APP_URLS.some(function (inAppUrl) { return baseUrl.includes(inAppUrl); })) {
    // load some gather urls in same window
}
popup calc.exe from the desktop app
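
The two excerpts above combine badly: page content gets Node.js access, and the check that decides which URLs load in the app window is a substring match. The following is an added example, not code from the Gather app or from this report. It audits a webPreferences object for those settings and compares a substring check with an exact origin check. The allowlist entry, sample URLs and function names are constructed assumptions.

```javascript
// Constructed allowlist; the app's real IN_APP_URLS values are not shown on the page.
const IN_APP_ORIGINS = new Set(["https://app.example.test"]);

// Substring test in the style of the excerpt: matches the string anywhere in the URL.
function looseIsInApp(url, inAppUrls = ["app.example.test"]) {
  return inAppUrls.some((inAppUrl) => url.includes(inAppUrl));
}

// Stricter check: parse the URL, then compare scheme + host + port exactly.
function strictIsInApp(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparsable input is never treated as in-app
  }
  if (parsed.username || parsed.password) return false; // no userinfo component
  return IN_APP_ORIGINS.has(parsed.origin);
}

// Flag webPreferences values that expose Node.js or Electron internals to page content.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) findings.push("nodeIntegration enabled");
  if (prefs.contextIsolation === false) findings.push("contextIsolation disabled");
  if (prefs.enableRemoteModule === true) findings.push("remote module enabled");
  if (prefs.sandbox !== true) findings.push("sandbox not enabled");
  return findings;
}

// Settings as shown in the excerpt, next to a hardened set.
const excerptPrefs = { nativeWindowOpen: true, contextIsolation: false,
                       nodeIntegration: true, enableRemoteModule: true };
const hardenedPrefs = { contextIsolation: true, nodeIntegration: false, sandbox: true };

// Constructed sample URLs.
const samples = [
  "https://app.example.test/room/1",
  "https://other.example.net/?next=app.example.test",
  "https://app.example.test.other.example.net/",
];
for (const u of samples) {
  console.log(u, "loose:", looseIsInApp(u), "strict:", strictIsInApp(u));
}
console.log("excerpt:", auditWebPreferences(excerptPrefs));
console.log("hardened:", auditWebPreferences(hardenedPrefs));
```

With contextIsolation enabled, the preload script has to expose any API the page needs through Electron's contextBridge rather than through window.require.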

2. Input Validation Bypass

long display name

3. XSS on

xss in

4. Potential blind SSRF

5. Verification code with insufficient rate limiting


