VYPR
Unrated severityNVD Advisory· Published Nov 20, 2018· Updated Aug 5, 2024

CVE-2018-19335

CVE-2018-19335

Description

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Google/Monorailinferred2 versions
    < 2018-06-07+ 1 more
    • (no CPE)range: < 2018-06-07
    • (no CPE)range: < 2018-06-07

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.