Количество 2
Количество 2
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser.
GHSA-rxrc-rgv4-jpvx
React Developer Tools extension Improper Authorization vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-5654 The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| GHSA-rxrc-rgv4-jpvx React Developer Tools extension Improper Authorization vulnerability | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу