Описание
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 24.2 (включая)
cpe:2.3:a:google:perfetto:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00015
Низкий
3.3 Low
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-275
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.8
github
почти 4 года назад
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
EPSS
Процентиль: 3%
0.00015
Низкий
3.3 Low
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-275
NVD-CWE-noinfo