CVE-2024-34714 – Hoppscotch Extension responds to calls made by origins not in the domain list

https://notcve.org/view.php?id=CVE-2024-34714

14 May 2024 — The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was missed and allowed for messages to be sent to the extension which the extension gladly processed and responded back with the results of, while this wasn't supposed to happen and be blocked by the origin not being pre... • https://github.com/hoppscotch/hoppscotch-extension/commit/7e364b928ab722dc682d0fcad713a96cc38477d6 • CWE-354: Improper Validation of Integrity Check Value •