Design/Logic Flaw

2022-12-2422:15:00

PRIOn knowledge base

www.prio-n.com

brave browser

denial of service

vulnerability

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.

CPENameOperatorVersion
bravelt1.42.51

CPE	Name	Operator	Version
	brave	lt	1.42.51

References

github.com/brave/brave-browser/issues/24093

github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50

github.com/brave/brave-core/pull/14211

hackerone.com/reports/1636430