{"vulnerability": "CVE-2023-1384", "sightings": [{"uuid": "2feee62d-5f5f-45e2-85e6-4a822386df6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1384", "type": "seen", "source": "https://t.me/cibsecurity/63228", "content": "\u203c CVE-2023-1384 \u203c\n\nThe setMediaSource function on the amzn.thin.pl service does not sanitize the \"source\" parameter allowing for arbitrary javascript code to be runThis issue affects:Amazon Fire TV Stick 3rd gen\u00c2\u00a0versions prior to 6.2.9.5.Insignia TV with FireOS\u00c2\u00a0versions prior to 7.6.3.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T16:31:04.000000Z"}, {"uuid": "5fa25aaf-ebc0-4381-a405-1d04fa87fd60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1384", "type": "seen", "source": "https://t.me/androidMalware/1874", "content": "Vulnerabilities identified in Amazon Fire TV Stick \n1) Local network PIN brute forcing (CVE-2023-1385) \n2) Arbitrary Javascript code to execution (CVE-2023-1384) \n3) Register services that are only locally accessible (CVE-2023-1383) \nhttps://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf", "creation_timestamp": "2023-06-27T08:55:40.000000Z"}]}