Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1.
References
Link | Resource |
---|---|
https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-04-22T00:05:16
Updated: 2021-04-22T00:05:16
Reserved: 2021-03-30T00:00:00
Link: CVE-2021-29467
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-22T00:15:08.140
Modified: 2021-04-29T17:23:54.027
Link: CVE-2021-29467
JSON object: View
Redhat Information
No data.