← Zuruck zu CVEs
CVE-2021-20873
HIGH8.1
Beschreibung
Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.
CVE Details
CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht12/28/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
yappli:yappli
Schwachen (CWE)
CWE-862
Referenzen
https://jvn.jp/en/jp/JVN66422035/index.html(vultures@jpcert.or.jp)
https://support.yappli.co.jp/hc/ja/articles/4410249902745(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN66422035/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://support.yappli.co.jp/hc/ja/articles/4410249902745(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.