关键信息 CVE ID: CVE-2024-6051 Publication Date: 30 September 2024 Vendor: Vercom S.A. Product: Redlink SDK Vulnerable Versions: All through 1.13 Vulnerability Type (CWE): Improper Control of Resource Identifiers ('Resource Injection') (CWE-99) Report Source: Report to CERT Polska Description CERT Polska has received a report about a vulnerability in Vercom S.A. Redlink SDK (Software Development Kit) and participated in coordination of its disclosure. The Cross Application Scripting vulnerability CVE-2024-6051 in Vercom S.A. Redlink SDK in specific situations allows code injection and to manipulate the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13. Credits We thank Maksymilian Motyl from Immunity Systems for the responsible vulnerability report. More about the coordinated vulnerability disclosure process at CERT Polska can be found at .