Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-42330

Опубликовано: 27 нояб. 2024
Источник: debian
EPSS Низкий

Описание

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.5+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-25626

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.4rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6dfc7a30e8e3ecd984cb64da6430f4c1fc61ec2d (6.0.34rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/4b4d207a2edd2d175a40240a4b4a6ee573f3dc3d (5.0.46rc1)

EPSS

Процентиль: 29%
0.00104
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-42330

CVSS3: 9.1
ubuntu
7 месяцев назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

nvd логотип

CVE-2024-42330

CVSS3: 9.1
nvd
7 месяцев назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

github логотип

GHSA-q4wv-f3rp-mjgr

CVSS3: 9.1
github
7 месяцев назад

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

fstec логотип

BDU:2024-10774

CVSS3: 9.1
fstec
7 месяцев назад

Уязвимость сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

redos логотип

ROS-20250326-08

CVSS3: 9.1
redos
3 месяца назад

Множественные уязвимости zabbix7-lts-server-pgsql

EPSS

Процентиль: 29%
0.00104
Низкий