9.1
CVSSv3

CVE-2024-42330

Published: 27/11/2024 Updated: 27/11/2024

Vulnerability Summary

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Vulnerability Trend

Vendor Advisories

Debian Bug report logs - #1088689 zabbix: CVE-2024-36464 CVE-2024-36467 CVE-2024-36468 CVE-2024-42326 CVE-2024-42327 CVE-2024-42328 CVE-2024-42329 CVE-2024-42330 CVE-2024-42331 CVE-2024-42332 CVE-2024-42333 Package: src:zabbix; Maintainer for src:zabbix is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Moritz Mühlenhoff & ...