PT-2022-28281 · Unknown · Advanced Rest Client

Published 2022-03-03 · Updated 2022-03-03


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Advanced Rest Client versions prior to 17.0.9

Description

The issue allows scripts embedded in a link target to execute any logic that Advanced Rest Client has access to from the renderer process. This includes file system access, data store access which may contain sensitive information, and some additional processes that only Advanced Rest Client should have access to. This occurs when the end-user clicks on a response header that contains a link, causing the target to be opened in a new window with the default preload script loaded.

Recommendations

For versions prior to 17.0.9, update to version 17.0.9 to resolve the issue. As a temporary workaround, do not click on any link in the response headers view.
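
A defensive pattern for the condition described above, as an added example (not Advanced Rest Client's code and not its 17.0.9 fix): an Electron main-process policy that never creates a child window for a clicked link, so no preload script is attached to untrusted content, and that hands only http(s) targets to the system browser. `classifyTarget` and `hardenWebContents` are hypothetical names; `contents` and `shell` are assumed to be Electron's `WebContents` object and `shell` module, passed in by the caller.

```javascript
// Added example: window-open policy for an Electron main process.
// Assumption: `contents` is an Electron WebContents and `shell` is Electron's
// shell module; both are injected so the policy can run without Electron.

const EXTERNAL_SCHEMES = new Set(['http:', 'https:']);

// Classify a URL that the renderer wants to open or navigate to.
// The action is always "deny": no child window is created in-app, so the
// privileged preload script is never loaded next to remote content.
function classifyTarget(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch {
    return { action: 'deny', external: false, reason: 'unparseable' };
  }
  if (!EXTERNAL_SCHEMES.has(parsed.protocol)) {
    // file:, javascript:, data: and custom schemes are dropped entirely.
    return { action: 'deny', external: false, reason: 'scheme ' + parsed.protocol };
  }
  return { action: 'deny', external: true, url: parsed.href };
}

// Apply the policy to one WebContents instance.
function hardenWebContents(contents, shell) {
  // Links that would open a new window (such as a clicked header link).
  contents.setWindowOpenHandler(({ url }) => {
    const verdict = classifyTarget(url);
    if (verdict.external) shell.openExternal(verdict.url);
    return { action: 'deny' };
  });
  // Companion measure: in-place navigation away from the app UI is blocked
  // too, so remote content cannot replace the privileged window's document.
  contents.on('will-navigate', (event, url) => {
    event.preventDefault();
    const verdict = classifyTarget(url);
    if (verdict.external) shell.openExternal(verdict.url);
  });
}
```

In a real application this would typically be attached to every `WebContents` as it is created, for example from the app's `web-contents-created` event.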

Related Identifiers

GHSA-V3WR-67PX-44XG

Affected Products

Advanced Rest Client