Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-42330

Опубликовано: 27 нояб. 2024
Источник: debian
EPSS Низкий

Описание

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.5+dfsg-1package
zabbixignoredbookwormpackage

Примечания

  • https://support.zabbix.com/browse/ZBX-25626

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.4rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6dfc7a30e8e3ecd984cb64da6430f4c1fc61ec2d (6.0.34rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/4b4d207a2edd2d175a40240a4b4a6ee573f3dc3d (5.0.46rc1)

EPSS

Процентиль: 38%
0.0017
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-42330

CVSS3: 9.1
ubuntu
больше 1 года назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

nvd логотип

CVE-2024-42330

CVSS3: 9.1
nvd
больше 1 года назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

github логотип

GHSA-q4wv-f3rp-mjgr

CVSS3: 9.1
github
больше 1 года назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

fstec логотип

BDU:2024-10774

CVSS3: 9.1
fstec
больше 1 года назад

Уязвимость сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

redos логотип

ROS-20250326-08

CVSS3: 9.1
redos
около 1 года назад

Множественные уязвимости zabbix7-lts-server-pgsql

EPSS

Процентиль: 38%
0.0017
Низкий