CVE-2018-6109

Опубликовано: 09 янв. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 6.5

Описание

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

Релиз	Статус	Примечание
artful	released	66.0.3359.139-0ubuntu0.17.10.2
bionic	released	66.0.3359.139-0ubuntu0.18.04.3
cosmic	released	66.0.3359.139-0ubuntu1
devel	released	66.0.3359.139-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [no longer updated]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [no longer updated]
upstream	released	66.0.3359.117
xenial	released	66.0.3359.139-0ubuntu0.16.04.3

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [Ubuntu touch end-of-life]]
esm-infra/xenial	ignored	Ubuntu touch end-of-life
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [Ubuntu touch end-of-life]
upstream	needs-triage

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-6109

CVSS3: 4.3

redhat

почти 8 лет назад

CVE-2018-6109

CVSS3: 6.5

nvd

около 7 лет назад

CVE-2018-6109

CVSS3: 6.5

debian

около 7 лет назад

readAsText() can indefinitely read the file picked by the user, rather ...

GHSA-pcp9-rq8r-pwrj

CVSS3: 6.5

github

больше 3 лет назад

openSUSE-SU-2018:1042-1

suse-cvrf

почти 8 лет назад

Security update for chromium

4.3 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2018-6109

Описание

Пакет chromium-browser

Пакет oxide-qt

Ссылки на источники

Связанные уязвимости