Description

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit `66bac03e`, was mitigated in commit `97977efa` (correctly configured web instances were no longer vulnerable) and fully fixed in commit `c4be1d3a` (included in release version 10.2.1). Users are advised to upgrade. Users unable to upgrade should enable a content-security-policy.

INFO

Published Date :

2024-11-04T23:07:17.704Z

Last Modified :

2024-11-05T16:47:40.398Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-51498 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-51498.

URL Resource
https://github.com/imputnet/cobalt/commit/66bac03e3078e4e781d2d3903c05ad66a883a354 cve-icon cve-icon
https://github.com/imputnet/cobalt/commit/97977efabd92375f270d1818f38de3b0682c2f19 cve-icon cve-icon
https://github.com/imputnet/cobalt/commit/c4be1d3a37b0deb6b6087ec7a815262ac942daf1 cve-icon cve-icon
https://github.com/imputnet/cobalt/security/advisories/GHSA-cm4c-v4cm-3735 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability