Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Arc 安全漏洞
Vulnerability Description
Arc是Arc公司的一款浏览器。 Arc 2024-08-26之前版本存在安全漏洞,该漏洞源于存在远程代码执行漏洞,允许攻击者通过配置不当的Firebase ACLs在受害者的浏览器中执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A