PT-2019-19220 · Shazam · Shazam Android App+1
Ashley King
·
Publicado
2019-12-18
·
Atualizado
2021-01-24
·
CVE-2019-8792
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Shazam Android App versions prior to 9.25.0
Shazam iOS App versions prior to 12.11.0
Description
The issue concerns an injection problem that has been addressed through improved validation. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
Recommendations
For Shazam Android App versions prior to 9.25.0, update to version 9.25.0 to resolve the issue.
For Shazam iOS App versions prior to 12.11.0, update to version 12.11.0 to resolve the issue.
Correção
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Shazam Android App
Shazam Ios App