CVE-2017-14460

Name of the Vulnerable Software and Affected Versions: Parity Ethereum client version 1.7.8

Description: The issue is related to an overly permissive cross-domain (CORS) whitelist in the JSON-RPC of the Parity Ethereum client. It can be triggered by an automatically sent JSON object to the JSON-RPC endpoint. A victim would need to visit a malicious website for the vulnerability to be exploited.

Recommendations: For Parity Ethereum client version 1.7.8, consider restricting access to the JSON-RPC endpoint as a temporary workaround until a patch is available. Avoid using the JSON-RPC endpoint in browsers where a malicious website could potentially trigger the vulnerability.