CVE-2024-42366

CVSS V2 None CVSS V3 None

Description

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX.

Overview

CVE ID
CVE-2024-42366

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-08-08T16:51:07.016Z

Last Modified Date
2024-08-08T16:51:07.016Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://github.com/vrcx-team/VRCX/security/advisories/GHSA-j98g-mgjm-wqph	x_refsource_CONFIRM
https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-42366
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42366

History

Created	Old Value	New Value	Data Type	Notes
2024-08-09 13:11:32				Added to TrackCVE