PT-2019-19789 · Freenet · Freenet
Mgrube
·
Published
2019-06-05
·
Updated
2019-06-10
·
CVE-2019-9673
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Freenet version 1483
Description
The issue allows for arbitrary JavaScript execution via a crafted Freenet URI, due to a MIME type bypass.
Recommendations
For version 1483, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting the execution of JavaScript code from Freenet URIs to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freenet