CVE-2024-42366

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Aug 8, 2024
Updated: Aug 29, 2024
CWE ID 79
CWE ID 269

Summary

CVE-2024-42366 is a vulnerability affecting VRCX, an assistant application for VRChat. In impacted versions before 2023.12.24, a CefSharp browser with excessive permissions, combined with a cross-site scripting vulnerability via overlay notifications, could lead to remote command execution. This issue has been addressed with a patch in VRCX version 2024.03.23. Additionally, the VRCX maintainers collaborated with VRC to restrict the use of older VRCX versions on their API, compelling users to upgrade their installations for continued access to the service.
