PT-2019-19220 · Shazam · Shazam Android App+1

Ashley King

Published

2019-12-18

Updated

2021-01-24

CVE-2019-8792

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shazam Android App versions prior to 9.25.0 Shazam iOS App versions prior to 12.11.0

Description The issue concerns an injection problem that has been addressed through improved validation. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Recommendations For Shazam Android App versions prior to 9.25.0, update to version 9.25.0 to resolve the issue. For Shazam iOS App versions prior to 12.11.0, update to version 12.11.0 to resolve the issue.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2019-8792

Affected Products

Shazam Android App

Shazam Ios App

PT-2019-19220 · Shazam · Shazam Android App+1

CVE-2019-8792

Weakness Enumeration

Related Identifiers

Affected Products

References · 9