Description

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX.

INFO

Published Date :

2024-08-08T16:51:07.016Z

Last Modified :

2024-08-09T18:46:59.693Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42366 vulnerability.

Vendors Products
Vrcx-team
  • Vrcx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42366.

URL Resource
https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180 cve-icon cve-icon
https://github.com/vrcx-team/VRCX/security/advisories/GHSA-j98g-mgjm-wqph cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact