Twitter-Post-Fetcher ଯେପର୍ଯ୍ୟନ୍ତ 17.x Link Target js/twitterFetcher.js

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu Twitter-Post-Fetcher ଯେପର୍ଯ୍ୟନ୍ତ 17.x keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii js/twitterFetcher.js keessa kutaa Link Target Handler keessa. Hojii jijjiirraa gara dadhabina hin beekamne geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-1022 geessa. Dadhabbii kana yeroo 12/29/2022 maxxanfameera akka 170. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2018-25058tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3 dha. Sirreeffamni rakkoo github.com irratti buufachuuf qophaa’eera. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 67 ପଏଣ୍ଟ

ଫିଲ୍ଡସୃଷ୍ଟି ହୋଇଛି
12/29/2022 09:01 AM		ଅଦ୍ୟତନ 1/2
01/26/2023 03:12 AM		ଅଦ୍ୟତନ 2/2
01/26/2023 03:20 AM
software_nameTwitter-Post-FetcherTwitter-Post-FetcherTwitter-Post-Fetcher
software_version<=17.x<=17.x<=17.x
software_componentLink Target HandlerLink Target HandlerLink Target Handler
software_filejs/twitterFetcher.jsjs/twitterFetcher.jsjs/twitterFetcher.js
vulnerability_cweCWE-1022CWE-1022CWE-1022
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
advisory_identifier170170170
advisory_urlhttps://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170
countermeasure_nameଅପଗ୍ରେଡ୍ କରନ୍ତୁଅପଗ୍ରେଡ୍ କରନ୍ତୁଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version18.0.018.0.018.0.0
countermeasure_upgrade_urlhttps://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0
patch_name7d281c6fb5acbc29a2cad295262c1f0c19ca56f37d281c6fb5acbc29a2cad295262c1f0c19ca56f37d281c6fb5acbc29a2cad295262c1f0c19ca56f3
countermeasure_patch_urlhttps://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3
source_cveCVE-2018-25058CVE-2018-25058CVE-2018-25058
cna_responsibleVulDBVulDBVulDB
advisory_date1672268400 (12/29/2022)1672268400 (12/29/2022)1672268400 (12/29/2022)
software_typeSocial Network SoftwareSocial Network SoftwareSocial Network Software
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.53.53.5
cvss3_vuldb_basescore4.24.24.2
cvss3_vuldb_tempscore4.04.04.0
cvss3_meta_basescore4.24.24.8
cvss3_meta_tempscore4.04.04.8
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672268400 (12/29/2022)1672268400 (12/29/2022)
cve_nvd_summaryA vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_cna_avN
cvss3_cna_acH
cvss3_cna_prN
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore6.1
cvss3_cna_basescore4.2

ପଛକୁସମୀକ୍ଷାଆହୁରି ଦୂରରେ

Do you need the next level of professionalism?

Upgrade your account now!