exploitDog

CVE-2022-24075

Опубликовано: 17 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

Ссылки

https://cve.naver.com/detail/cve-2022-24075
Vendor Advisory
https://cve.naver.com/detail/cve-2022-24075
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*

Версия до 3.12.129.18 (исключая)

EPSS

Процентиль: 56%

0.00341

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-552

CWE-552

Связанные уязвимости

GHSA-4rvm-66vq-v2f2

CVSS3: 6.5

github

почти 4 года назад

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

EPSS

Процентиль: 56%

0.00341

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-552

CWE-552