diff options
Diffstat (limited to 'old/android/nc-sa-2019-011.json')
-rw-r--r-- | old/android/nc-sa-2019-011.json | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/old/android/nc-sa-2019-011.json b/old/android/nc-sa-2019-011.json new file mode 100644 index 0000000..75b117a --- /dev/null +++ b/old/android/nc-sa-2019-011.json @@ -0,0 +1,31 @@ +{ + "Title": "Query restriction bypass on exposed FileContentProvider in Android app", + "Timestamp": 1564135200, + "Risk": 1, + "CVSS3": { + "score": 2.7, + "vector": "AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L" + }, + "CWE": { + "id": 89, + "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + }, + "HackerOne": 518669, + "Affected":[ + { + "Version":"3.6.1", + "CVE":"CVE-2019-15622", + "Operator":"<" + } + ], + "Description":"Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.", + "Acknowledgment":[ + { + "Name": "Julien Thomas", + "Company": "Protektoid.com project", + "Website": "https://twitter.com/julien_thomas", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that users upgrade to version 3.6.1 or later." +} |