exploitDog

GHSA-2c64-5hcr-p4hq

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

EPSS

Процентиль: 39%

0.00174

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2017-2387

CVSS3: 4.8

nvd

больше 8 лет назад

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 39%

0.00174

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-295