← Back

CVE-2021-45884

nvd nist
Published: Dec 27, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.

Affected (1)

Products: Brave: Brave
Brave
1 product
Brave
Configuration A
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Brave
From 1.17.1 to 1.33.106
Running on/withPlatform Versions
Apple
Macos
All versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

Source: cve@mitre.org
ExploitIssue TrackingPatchThird Party Advisory
Source: cve@mitre.org
Issue TrackingRelease NotesThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingRelease NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

Timeline

No history available yet.