PT-2013-1814 · Qt Company · Qt
Jan Lieskovsky
·
Published
2013-02-24
·
Updated
2021-06-16
·
CVE-2012-5624
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 4.8.4
Description
The issue allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. This is due to the XMLHttpRequest object enabling http redirection to the file scheme.
Recommendations
For Qt versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qt