Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content, this might lead to Server-Side-Request-Forgery of Remote Code Execution. Upstream Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2004933]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.