Unrated severityNVD Advisory· Published Apr 29, 2019· Updated Aug 4, 2024

CVE-2019-11593

Description

In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

Affected products

Adblockplus/Adblockplusinferred
Range: <3.5.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

adblockplus.org/releases/adblock-plus-352-for-chrome-firefox-and-opera-releasedmitrex_refsource_MISC
armin.dev/blog/2019/04/adblock-plus-code-injection/mitrex_refsource_MISC
gitlab.com/eyeo/adblockplus/adblockpluschrome/issues/1mitrex_refsource_MISC
gitlab.com/eyeo/adblockplus/adblockpluscore/issues/4mitrex_refsource_MISC
news.ycombinator.com/itemmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000