The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
References
Link | Resource |
---|---|
https://cve.naver.com/detail/cve-2022-24072 | Vendor Advisory |
Configurations
History
23 Mar 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
References | (CONFIRM) https://cve.naver.com/detail/cve-2022-24072 - Vendor Advisory | |
CPE | cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo |
17 Mar 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-17 06:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-24072
Mitre link : CVE-2022-24072
CVE.ORG link : CVE-2022-24072
JSON object : View
Products Affected
navercorp
- whale
CWE