Home > Vulnerability Database > WS-2022-0096

Mend.io Vulnerability Database

WS-2022-0096

Good to know:

Date: March 3, 2022

In @advanced-rest-client/base before 0.1.10, when the end-user click on the response header that contains a link the target will be opened in ARC new window. This window will have the default preload script loaded which allows the scripts embedded in the link target to execute any logic that ARC has access to from the renderer process, which includes file system access, data store access (which may contain sensitive information), and some additional processes that only ARC should have access to.

Language: JS

Severity Score

9.8

Related Resources (2)

Url: https://github.com/advanced-rest-client/base/commit/f3f6db888212b5c8a4799eb13ca76318fd1de212

Url: https://www.mend.io/vulnerability-database/WS-2022-0096

Severity Score

9.8

Weakness Type (CWE)

Execution with Unnecessary Privileges

CWE-250

Top Fix

Upgrade Version

Upgrade to version @advanced-rest-client/base - 0.1.10

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0096

Good to know:

Date: March 3, 2022

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?