Описание
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
Ссылки
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 4.4 (исключая)
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02201
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
EPSS
Процентиль: 84%
0.02201
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-20