Nvidia fixed the command injection vulnerability but kept the Node endpoints exposed with an open CORS policy. Expect more vulnerability reports to come.
Uninstall GeForce Experience now unless you need ShadowPlay.
Quote Tweet
New blog post on CVE-2019-5678 found by @daveysec: OS command injection in NVIDIA GeForce Experience
bit.ly/2Xh599n
1
2
