CVE-2019-2198

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 10

Description The issue concerns a SQL injection vulnerability in the Download Provider. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not needed for exploitation. The vulnerability allows for blind SQL injection, which can retrieve user cookies of downloaded file websites, such as Gmail.

Recommendations For Android versions 8.0 through 10, update to a version patched after November 2019 to resolve the issue. As a temporary workaround, consider restricting access to the Download Provider to minimize the risk of exploitation.