The issue was not directly exploitable in UiPath Apps: to exploit it, an attacker needed the rights to create an app and had to send the malicious icon URL to other users. The vulnerability was not triggered by just browsing the application with the malicious icon.
More details can be found in the advisory section of the UiPath Trust Portal.
Erratum 16 December 2021: added link to the UiPath Trust Portal advisory for these issues.
- Previously, when using Apps in the Automation Suite offline environment, some components were not loaded properly. This is now fixed and all components are loaded as expected.
- Previously, when assigning an app variable in the Assign file to app variable property in the Get File from Storage bucket rule, the app variable was not saved. This is now fixed and the variable is saved.