CVE-2022-24075

Published: Mar 17, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

Affected (1)

Products: Navercorp: Whale

Navercorp

1 product

Whale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Navercorp Whale	Before 3.12.129.18

Related CWEs

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://cve.naver.com/detail/cve-2022-24075

Source: cve@navercorp.com

Vendor Advisory

https://cve.naver.com/detail/cve-2022-24075

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.