CVE-2024-45045: 
NixOS vulnerability analysis and mitigation

Collabora Online, a collaborative online office suite based on LibreOffice technology, was found to have a JavaScript injection vulnerability in its mobile (Android/iOS) device variants. The vulnerability (CVE-2024-45045) was discovered and disclosed on August 29, 2024, affecting versions prior to 24.04.6.2. The vulnerability specifically impacts the mobile variants of the application, while non-mobile variants remain unaffected (NVD, GitHub Advisory).

The vulnerability allows attackers to inject JavaScript via URL encoded values in links contained within documents. The severity of this vulnerability is rated as MEDIUM with a CVSS v3.1 base score of 6.1. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) by NIST and CWE-84 (Improper Neutralization of Encoded URI Schemes in a Web Page) by GitHub (NVD).

The vulnerability's impact is considered high specifically for Android variants because the Android JavaScript interface allows access to internal functions. This access could potentially lead to the app being compromised if successfully exploited (GitHub Advisory).

Users of mobile variants should update to version 24.04.6.2 or later through their respective platform app stores. There are no known workarounds for this vulnerability, making the update the only effective mitigation strategy (GitHub Advisory).