VYPR
Moderate severityNVD Advisory· Published Mar 14, 2022· Updated Sep 18, 2024

Exposure of Sensitive Information to an Unauthorized Actor in sysend.js

CVE-2022-24762

Description

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sysendnpm
< 1.10.01.10.0

Affected products

2
  • ghsa-coords
    Range: < 1.10.0
  • jcubic/sysend.jsv5
    Range: < 1.10.0

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.