CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-48463: Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
Description
Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
Classification
CVE ID: CVE-2024-48463
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 17.95% (scored less or equal to compared to others)
EPSS Date: 2025-02-14 (when was this score calculated)
References
https://gist.github.com/opcod3r/ab69f36d52367df7ffac32a597dff31chttps://github.com/usebruno/bruno/releases/tag/v1.29.1
https://www.usebruno.com/changelog
https://github.com/usebruno/bruno/pull/3122