On January 9th, 2024, Weave was notified through their responsible disclosure system that Weave version 7.78.10 is vulnerable to arbitrary code execution and as of April 9th, 2024, is still vulnerable.
Note while Weave does list a paid bug bounty on their site, no compensation was given.
- Weave Desktop
- Affected: All current versions (7.78.10 through 7.84.1 confirmed)