CVE-2024-42330 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-42330 Interim 1 4 2025-03-24T00:35:49Z current 2024-11-28T00:25:36Z 2025-03-24T00:35:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-42330 The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS zabbix zabbix-agent zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3 zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects. CVE-2024-42330 SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:zabbix SUSE Linux Enterprise Server Teradata 12 SP3:zabbix important 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H