exploitDog

CVE-2024-25677

Опубликовано: 09 фев. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.

Ссылки

https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x
Third Party Advisory
https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:minbrowser:min:1.29.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-xw9w-mmhr-225x

CVSS3: 8.8

github

больше 1 года назад

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.

EPSS

Процентиль: 25%

0.00084

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284