Описание
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.14.0 (исключая)
cpe:2.3:a:brave:brave:*:*:*:*:*:linux_kernel:*:*
EPSS
Процентиль: 47%
0.00238
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 6.5
debian
больше 7 лет назад
A hang issue was discovered in Brave before 0.14.0 (on, for example, L ...
CVSS3: 6.5
github
больше 3 лет назад
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.
EPSS
Процентиль: 47%
0.00238
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20