{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-52270", "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing.\nDisplayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\nThis issue affects DropBox Sign(HelloSign): through 2024-12-04." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information", "cweId": "CWE-451" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "DropBox(HelloSign)", "product": { "product_data": [ { "product_name": "DropBox Sign", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "lessThanOrEqual": "2024-12-04", "status": "affected", "version": "0", "versionType": "git" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.vulsec.org/advisories", "refsource": "MISC", "name": "https://www.vulsec.org/advisories" }, { "url": "https://www.loom.com/share/48f63594e14c49e19840ad9cb7d60453?sid=816c6afa-0b67-4b0b-98ff-d5c58d464038", "refsource": "MISC", "name": "https://www.loom.com/share/48f63594e14c49e19840ad9cb7d60453?sid=816c6afa-0b67-4b0b-98ff-d5c58d464038" }, { "url": "https://new.space/s/ZuHoujvkjdzfY7Uihah7Yg#SKWLU_g2Cihfj4qsq9XNy6F4saxVAzD876PujiDOYfs", "refsource": "MISC", "name": "https://new.space/s/ZuHoujvkjdzfY7Uihah7Yg#SKWLU_g2Cihfj4qsq9XNy6F4saxVAzD876PujiDOYfs" }, { "url": "https://drive.proton.me/urls/Z6DHXNRZQC#jkfO38rjOiOj", "refsource": "MISC", "name": "https://drive.proton.me/urls/Z6DHXNRZQC#jkfO38rjOiOj" }, { "url": "https://sign.dropbox.com/", "refsource": "MISC", "name": "https://sign.dropbox.com/" }, { "url": "https://app.hellosign.com/", "refsource": "MISC", "name": "https://app.hellosign.com/" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "discovery": "USER" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "* If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection
* If possible - Download the PDF file and perform full flattening (of the entire document, not just form fields)" } ], "value": "* If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\n* If possible - Download the PDF file and perform full flattening (of the entire document, not just form fields)" } ], "exploit": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Known, potentially in use (e.g., spear phishing)" } ], "value": "Known, potentially in use (e.g., spear phishing)" } ], "credits": [ { "lang": "en", "value": "Erez Kalman" } ] }