MEDIUM 6.1
GHSA-5624-2pmv-jx46
Summarize contains a missing authorization vulnerability
상세
Summarize prior to 0.15.0 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2026-45243 [ADVISORY]
- https://github.com/steipete/summarize/pull/222 [WEB]
- https://github.com/steipete/summarize/commit/357544063af535bd574752622f9eb94be33ee5fd [WEB]
- https://github.com/steipete/summarize [PACKAGE]
- https://github.com/steipete/summarize/releases/tag/v0.15.1 [WEB]
- https://github.com/steipete/summarize/releases/tag/v0.15.2 [WEB]
- https://www.vulncheck.com/advisories/summarize-browser-extension-missing-authorization-via-content-script [WEB]