PT-2013-1814 · Qt Company · Qt
Jan Lieskovsky
·
Publicado
2013-02-24
·
Atualizado
2021-06-16
·
CVE-2012-5624
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 4.8.4
Description
The issue allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. This is due to the XMLHttpRequest object enabling http redirection to the file scheme.
Recommendations
For Qt versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qt