Vulnerability Description
A User Interface (UI) Misrepresentation of Critical Information vulnerability in Dropbox Sign (HelloSign) allows Content Spoofing. The version displayed in the application is not the layer-flattened version. Once the document is downloaded and printed (e.g. via Google Chrome: examine the print preview), the vulnerability is rendered, because not all layers are flattened. This issue affects Dropbox Sign (HelloSign): through 2024-12-04.
Related Weaknesses (CWE)
References
- https://app.hellosign.com/
- https://drive.proton.me/urls/Z6DHXNRZQC#jkfO38rjOiOj
- https://new.space/s/ZuHoujvkjdzfY7Uihah7Yg#SKWLU_g2Cihfj4qsq9XNy6F4saxVAzD876Puj
- https://sign.dropbox.com/
- https://www.loom.com/share/48f63594e14c49e19840ad9cb7d60453?sid=816c6afa-0b67-4b
- https://www.vulsec.org/advisories
FAQ
What is CVE-2024-52270?
CVE-2024-52270 is a documented vulnerability. User Interface (UI) Misrepresentation of Critical Information vulnerability in Dropbox Sign (HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once downlo...
How severe is CVE-2024-52270?
CVSS scoring is not yet available for CVE-2024-52270. Check NVD for updates.
Is there a patch for CVE-2024-52270?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.