CVE-2021-22917

MEDIUM

Brave Browser Desktop <1.17-1.20 - Info Disclosure

Title source: llm
STIX 2.1

Description

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1077022

Scores

CVSS v3 6.5
EPSS 0.0123
EPSS Percentile 65.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
brave/browser 1.17 - 1.20
Published Jul 12, 2021
Tracked Since Feb 18, 2026