CVE-2017-14460 - Unspecified vulnerability in Parity Ethereum Client 1.7.8
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in the JSON-RPC interface of Parity Ethereum client version 1.7.8. A JSON object sent automatically to the JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Talos
id | TALOS-2017-0508 |
last seen | 2019-05-29 |
published | 2018-01-09 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508 |
title | Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability |