Vulnerability Database

300,444

Total vulnerabilities in the database

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Published: Nov 27, 2024
Updated: Nov 4, 2025
CVE: CVE-2024-42330
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
zabbix / zabbix	5.0.0	5.4.6
zabbix / zabbix	6.0.0	6.0.34
zabbix / zabbix	6.4.0	6.4.19
zabbix / zabbix	7.0.0	7.0.4

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo