exploitDog

CVE-2017-17226

Опубликовано: 09 мар. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 6.8

EPSS Низкий

Описание

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tripadvisor:tamobileapp:*:*:*:*:*:*:*:*

Версия до 24.6.4 (исключая)

EPSS

Процентиль: 40%

0.00178

Низкий

5.3 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-69ff-qjx5-6w9x

CVSS3: 5.3

github

больше 3 лет назад

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.

EPSS

Процентиль: 40%

0.00178

Низкий

5.3 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20