TROYANOSYVIRUS
Voltar para CVEs

CVE-2024-48463

MEDIUM
6.5

Descricao

Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.

Detalhes CVE

Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado11/4/2024
Ultima modificacao9/23/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

usebruno:bruno

Fraquezas (CWE)

CWE-601

Referencias

https://gist.github.com/opcod3r/ab69f36d52367df7ffac32a597dff31c(cve@mitre.org)
https://github.com/usebruno/bruno/pull/3122(cve@mitre.org)
https://github.com/usebruno/bruno/releases/tag/v1.29.1(cve@mitre.org)
https://www.usebruno.com/changelog(cve@mitre.org)
http://seclists.org/fulldisclosure/2025/Jan/6(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.