CVE-2022-24072

MEDIUM

Whale < 3.12.129.18 - Arbitrary JavaScript Injection via DevTools API

Title source: llm
STIX 2.1

Description

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cve.naver.com/detail/cve-2022-24072

Scores

CVSS v3 6.1
EPSS 0.0056
EPSS Percentile 42.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-269
Status published
Products (1)
navercorp/whale < 3.12.129.18
Published Mar 17, 2022
Tracked Since Feb 18, 2026