Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-7939

Опубликовано: 22 янв. 2015
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Версия до 40.0.2214.85 (включая)
Конфигурация 2
cpe:2.3:a:chromium:chromium:40.0.2214.110:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00694
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2014-7939

ubuntu
около 11 лет назад

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

redhat логотип

CVE-2014-7939

redhat
около 11 лет назад

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

debian логотип

CVE-2014-7939

debian
около 11 лет назад

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...

github логотип

GHSA-m956-r3pg-f666

github
больше 3 лет назад

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

EPSS

Процентиль: 71%
0.00694
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264