CVE-2018-1000815

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.

Ссылки

https://github.com/brave/browser-laptop/issues/15232
Patch
Third Party Advisory
https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4
Patch
https://github.com/brave/muon/pull/651
Patch
https://github.com/brave/browser-laptop/issues/15232
Patch
Third Party Advisory
https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4
Patch
https://github.com/brave/muon/pull/651
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*

Версия от 0.22.810 (включая) до 0.24.0 (включая)

EPSS

Процентиль: 52%

0.00291

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-1000815

CVSS3: 4.3

debian

около 7 лет назад

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...

GHSA-56pr-74v5-7m5w

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 52%

0.00291

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20