Active Debug Code

CVE-2021-33591

High

8.8/10

Summary

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-489 - Active Debug Code

The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

Advisory Timeline

Published May 28, 2021

Active Debug Code

CVE-2021-33591

Summary

CWE-489 - Active Debug Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS