Vulnerability Details CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2022-24072
-
cpe:2.3:a:navercorp:whale:-
-
cpe:2.3:a:navercorp:whale:0.10.36.11
-
cpe:2.3:a:navercorp:whale:0.10.36.14
-
cpe:2.3:a:navercorp:whale:0.10.36.20
-
cpe:2.3:a:navercorp:whale:0.4.3.0
-
cpe:2.3:a:navercorp:whale:0.5.16.0
-
cpe:2.3:a:navercorp:whale:0.5.17.0
-
cpe:2.3:a:navercorp:whale:0.5.18.4
-
cpe:2.3:a:navercorp:whale:0.5.19.0
-
cpe:2.3:a:navercorp:whale:0.5.20.4
-
cpe:2.3:a:navercorp:whale:0.5.20.6
-
cpe:2.3:a:navercorp:whale:0.5.21.3
-
cpe:2.3:a:navercorp:whale:0.5.22.3
-
cpe:2.3:a:navercorp:whale:0.5.23.6
-
cpe:2.3:a:navercorp:whale:0.5.24.3
-
cpe:2.3:a:navercorp:whale:0.5.25.5
-
cpe:2.3:a:navercorp:whale:0.7.26.4
-
cpe:2.3:a:navercorp:whale:0.7.27.4
-
cpe:2.3:a:navercorp:whale:0.7.28.3
-
cpe:2.3:a:navercorp:whale:0.7.29.5
-
cpe:2.3:a:navercorp:whale:0.7.30.7
-
cpe:2.3:a:navercorp:whale:0.7.31.4
-
cpe:2.3:a:navercorp:whale:0.7.32.5
-
cpe:2.3:a:navercorp:whale:0.7.32.9
-
cpe:2.3:a:navercorp:whale:0.7.33.5
-
cpe:2.3:a:navercorp:whale:0.9.34.10
-
cpe:2.3:a:navercorp:whale:0.9.34.9
-
cpe:2.3:a:navercorp:whale:0.9.35.4
-
cpe:2.3:a:navercorp:whale:0.9.35.6
-
cpe:2.3:a:navercorp:whale:1.0.37.12
-
cpe:2.3:a:navercorp:whale:1.0.37.13
-
cpe:2.3:a:navercorp:whale:1.0.37.16
-
cpe:2.3:a:navercorp:whale:1.0.38.8
-
cpe:2.3:a:navercorp:whale:1.0.38.9
-
cpe:2.3:a:navercorp:whale:1.0.39.11
-
cpe:2.3:a:navercorp:whale:1.0.39.16
-
cpe:2.3:a:navercorp:whale:1.0.40.10
-
cpe:2.3:a:navercorp:whale:1.0.40.7
-
cpe:2.3:a:navercorp:whale:1.0.40.8
-
cpe:2.3:a:navercorp:whale:1.0.41.8
-
cpe:2.3:a:navercorp:whale:1.1.2
-
cpe:2.3:a:navercorp:whale:1.10.0
-
cpe:2.3:a:navercorp:whale:1.10.1
-
cpe:2.3:a:navercorp:whale:1.10.2
-
cpe:2.3:a:navercorp:whale:1.10.3
-
cpe:2.3:a:navercorp:whale:1.11.0
-
cpe:2.3:a:navercorp:whale:1.12.0
-
cpe:2.3:a:navercorp:whale:1.12.1
-
cpe:2.3:a:navercorp:whale:1.13.0
-
cpe:2.3:a:navercorp:whale:1.13.1
-
cpe:2.3:a:navercorp:whale:1.14.0
-
cpe:2.3:a:navercorp:whale:1.15.0
-
cpe:2.3:a:navercorp:whale:1.3.0
-
cpe:2.3:a:navercorp:whale:1.3.48.10
-
cpe:2.3:a:navercorp:whale:1.3.48.4
-
cpe:2.3:a:navercorp:whale:1.3.48.8
-
cpe:2.3:a:navercorp:whale:1.3.49.6
-
cpe:2.3:a:navercorp:whale:1.3.50.3
-
cpe:2.3:a:navercorp:whale:1.3.51.6
-
cpe:2.3:a:navercorp:whale:1.3.51.7
-
cpe:2.3:a:navercorp:whale:1.3.52.8
-
cpe:2.3:a:navercorp:whale:1.3.53.4
-
cpe:2.3:a:navercorp:whale:1.4.0
-
cpe:2.3:a:navercorp:whale:1.4.63.11
-
cpe:2.3:a:navercorp:whale:1.4.63.6
-
cpe:2.3:a:navercorp:whale:1.4.63.9
-
cpe:2.3:a:navercorp:whale:1.4.64.3
-
cpe:2.3:a:navercorp:whale:1.4.64.6
-
cpe:2.3:a:navercorp:whale:1.5.0
-
cpe:2.3:a:navercorp:whale:1.5.71.12
-
cpe:2.3:a:navercorp:whale:1.5.71.15
-
cpe:2.3:a:navercorp:whale:1.5.72.4
-
cpe:2.3:a:navercorp:whale:1.5.72.5
-
cpe:2.3:a:navercorp:whale:1.5.73.6
-
cpe:2.3:a:navercorp:whale:1.6.0
-
cpe:2.3:a:navercorp:whale:1.7.0
-
cpe:2.3:a:navercorp:whale:1.8.0
-
cpe:2.3:a:navercorp:whale:1.8.1
-
cpe:2.3:a:navercorp:whale:1.9.0
-
cpe:2.3:a:navercorp:whale:1.9.1
-
cpe:2.3:a:navercorp:whale:1.9.2
-
cpe:2.3:a:navercorp:whale:1.9.3
-
cpe:2.3:a:navercorp:whale:1.9.4
-
cpe:2.3:a:navercorp:whale:1.9.5