exploitDog

CVE-2022-24074

Опубликовано: 17 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

Ссылки

https://cve.naver.com/detail/cve-2022-24074
Vendor Advisory
https://cve.naver.com/detail/cve-2022-24074
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*

Версия до 3.12.129.18 (исключая)

EPSS

Процентиль: 66%

0.00504

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-668

CWE-668

Связанные уязвимости

GHSA-2hh3-2vjw-vgr4

CVSS3: 9.8

github

почти 4 года назад

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

EPSS

Процентиль: 66%

0.00504

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-668

CWE-668