This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. Jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS. This exploit only happens if a user previews a malicious file. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |