exploitDog

GHSA-mp57-r77r-477p

Опубликовано: 25 авг. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.4

Описание

The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)

The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)

Ссылки

EPSS

Процентиль: 20%

0.00064

Низкий

7.4 High

CVSS3

CVE ID

Связанные уязвимости

CVE-2024-45240

CVSS3: 7.4

nvd

больше 1 года назад

The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)

EPSS

Процентиль: 20%

0.00064

Низкий

7.4 High

CVSS3

CVE ID