exploitDog

GHSA-v9m4-696p-qh68

Опубликовано: 12 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Ссылки

EPSS

Процентиль: 8%

0.00029

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2023-6542

CVSS3: 7.1

nvd

около 2 лет назад

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

BDU:2025-05011

CVSS3: 7.1

fstec

около 4 лет назад

Уязвимость программного обеспечения для интеграции функций Emarsys в мобильные приложения операционных систем Android Emarsys SDK, связанная с недостатками механизма авторизации, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес

EPSS

Процентиль: 8%

0.00029

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-863