DingTalk RCE Vulnerability
Affected version
Version: 6.3.5
https://dtapp-pub.dingtalk.com/dingtalk-desktop/win_installer/Release/DingTalk_v6.3.5.11308701.exe
trigger method
dingtalk://dingtalkclient/page/link?url=127.0.0.1/test.html&pc_slide=true
Successfully reproduced
POC
Reference https://github.com/crazy0x70/dingtalk-RCE
Repair method
Upgrade to the latest version 6.3.25