CVE-2024-56358
CVE-2024-56358
Título es
CVE-2024-56358
Vie, 20/12/2024 – 21:15
Tipo
CWE-79
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-56358
Descripción en
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid previewing attachments in documents prepared by people they do not trust.
20/12/2024
20/12/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
8.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
