CVE-2019-11595 — Improper Input Validation in Ublock Origin

CWE-20 — Improper Input Validation2 documents2 sources
Severity
9.0CRITICALNVD
EPSS
0.9%
top 23.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ublockorigin Ublock Origin
Timeline
PublishedApr 29
Latest updateMay 24

Description

In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages1 packages

â–¶NVDublockorigin/ublock_origin< 0.9.5.15

🔴Vulnerability Details

1
GHSA
GHSA-cq4j-49w3-ppw7: In uBlock before 0↗2022-05-24
â–¶
CVE-2019-11595 — Improper Input Validation | cvebase