A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
References
Link | Resource |
---|---|
https://android-review.googlesource.com/c/platform/external/perfetto/+/1999296/ | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Google
Published: 2022-03-29T15:10:11
Updated: 2022-03-29T15:10:11
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-0343
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-29T16:15:07.807
Modified: 2022-04-07T16:31:33.783
Link: CVE-2022-0343
JSON object: View
Redhat Information
No data.