Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/security-advisories.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/old/android/nc-sa-2019-011.json
diff options
context:
space:
mode:
Diffstat (limited to 'old/android/nc-sa-2019-011.json')
-rw-r--r--old/android/nc-sa-2019-011.json31
1 files changed, 31 insertions, 0 deletions
diff --git a/old/android/nc-sa-2019-011.json b/old/android/nc-sa-2019-011.json
new file mode 100644
index 0000000..75b117a
--- /dev/null
+++ b/old/android/nc-sa-2019-011.json
@@ -0,0 +1,31 @@
+{
+ "Title": "Query restriction bypass on exposed FileContentProvider in Android app",
+ "Timestamp": 1564135200,
+ "Risk": 1,
+ "CVSS3": {
+ "score": 2.7,
+ "vector": "AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L"
+ },
+ "CWE": {
+ "id": 89,
+ "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ },
+ "HackerOne": 518669,
+ "Affected":[
+ {
+ "Version":"3.6.1",
+ "CVE":"CVE-2019-15622",
+ "Operator":"<"
+ }
+ ],
+ "Description":"Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.",
+ "Acknowledgment":[
+ {
+ "Name": "Julien Thomas",
+ "Company": "Protektoid.com project",
+ "Website": "https://twitter.com/julien_thomas",
+ "Reason": "Vulnerability discovery and disclosure."
+ }
+ ],
+ "Resolution": "It is recommended that users upgrade to version 3.6.1 or later."
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 03:52:26 +0300