Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
React Developer Tools 安全漏洞
Vulnerability Description
Facebook React Developer Tools是Facebook公司的一个用于构建用户界面的 JavaScript 库。 React Developer Tools v4.27.8版本存在安全漏洞,该漏洞源于扩展在内容脚本中会注册消息侦听器,侦听器内的代码通过请求从接收到的消息派生的 URL fetch(),在获取 URL 之前不会对其进行验证或清理,从而允许恶意网页通过受害者的浏览器任意获取 URL。
CVSS Information
N/A
Vulnerability Type
N/A