Not to be fixed
Created: Feb 20, 2024
Updated: Apr 8, 2024
Resolved Date: Apr 8, 2024
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CREATE(Triage):(User=admin) CVE-2024-1551 (https://nvd.nist.gov/vuln/detail/CVE-2024-1551)
