CVE-2024-48463

Name of the Vulnerable Software and Affected Versions Bruno versions prior to 1.29.1

Description The issue arises from Bruno's use of Electron's shell.openExternal function without proper validation of URLs, specifically http or https, when opening windows within the Markdown docs viewer. This lack of validation can lead to unvalidated URL handling.

Recommendations For versions prior to 1.29.1, update to version 1.29.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of Electron's shell.openExternal function within the Markdown docs viewer until a patch is available. Restrict access to the Markdown docs viewer to minimize the risk of exploitation. Avoid using unvalidated URLs in the affected viewer until the issue is resolved.