CVE-2022-24073

Published: Mar 17, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.7

Source: NVD

Description

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

Affected (1)

Products: Navercorp: Whale

Navercorp

1 product

Whale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Navercorp Whale	Before 3.12.129.18

Related CWEs

CWE-648

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (2)

https://cve.naver.com/detail/cve-2022-24073

Source: cve@navercorp.com

Vendor Advisory

https://cve.naver.com/detail/cve-2022-24073

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.