Home > Vulnerability Database > CVE-2024-42330

Mend.io Vulnerability Database

CVE-2024-42330

Date: November 27, 2024

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Language: C

Severity Score

9.1

Related Resources (3)

Url: https://support.zabbix.com/browse/ZBX-25626

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42330

Url: https://www.mend.io/vulnerability-database/CVE-2024-42330

Severity Score

9.1

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42330

Date: November 27, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?