CVE-2022-0343

2022-03-2916:15:07

Google

osv.dev

local attacker

http request

run-dev-server script

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2

References

android-review.googlesource.com/c/platform/external/perfetto/+/1999296/