CVE-2017-14460 - Unspecified vulnerability in Parity Ethereum Client 1.7.8
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in the JSON-RPC of Parity Ethereum client version 1.7.8. A JSON object sent automatically to the JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger it.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Talos
id | TALOS-2017-0508 |
last seen | 2019-05-29 |
published | 2018-01-09 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508 |
title | Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability |