CVE-2024-51498

CVSS V2 None CVSS V3 None
Description
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit `66bac03e`, was mitigated in commit `97977efa` (correctly configured web instances were no longer vulnerable) and fully fixed in commit `c4be1d3a` (included in release version 10.2.1). Users are advised to upgrade. Users unable to upgrade should enable a content-security-policy.
Overview
  • CVE ID
  • CVE-2024-51498
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-04T23:07:17.704Z
  • Last Modified Date
  • 2024-11-04T23:07:17.704Z
History
Created Old Value New Value Data Type Notes
2024-11-05 13:07:16 Added to TrackCVE