CVE-2022-47934
MEDIUM WAF: Medium
CVSS 6.5
Published: 2022-12-24
CWE-400
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| brave | brave | up to 1.43.88 |
References
- github.com (Exploit, Issue Tracking, Third Party Advisory)
- github.com (Issue Tracking, Release Notes, Third Party Advisory)
- github.com (Patch, Third Party Advisory)
- github.com (Patch, Third Party Advisory)
- hackerone.com (Permissions Required, Third Party Advisory)