CVE-2024-42330
CRITICALDescription
The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.
Is your site exposed to CVE-2024-42330?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zabbix | zabbix |
| zabbix | zabbix |
| zabbix | zabbix |
| zabbix | zabbix |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-42330? +
How severe is CVE-2024-42330? +
What products are affected by CVE-2024-42330? +
How do I check if I'm vulnerable to CVE-2024-42330? +
Related Vulnerabilities
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing …
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort …
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending …
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of …
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly …
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application …