Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Yappli by Yappli, Inc.

jvndb-2021-000112

Vulnerability from jvndb

Published

2021-12-22 15:07

Modified

2021-12-22 15:07

Severity ?

5.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Android Apps developed using Yappli fails to restrict custom URL schemes properly

Details

Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly (CWE-939) which may be exploited to direct the App to connect to unintended sites. RyotaK reported and coordinated with the developer to fix this vulnerability. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN66422035/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2021-20873
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20873
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Yappli, Inc.

Yappli

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000112.html",
  "dc:date": "2021-12-22T15:07+09:00",
  "dcterms:issued": "2021-12-22T15:07+09:00",
  "dcterms:modified": "2021-12-22T15:07+09:00",
  "description": "Yappli provided by Yappli, Inc. is an application development platform.\r\nAndroid Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme.\r\nThe access to the function is not restricted properly (CWE-939) which may be exploited to direct the App to connect to unintended sites.\r\n\r\nRyotaK reported and coordinated with the developer to fix this vulnerability.\r\nAfter coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000112.html",
  "sec:cpe": {
    "#text": "cpe:/a:yappli:yappli",
    "@product": "Yappli",
    "@vendor": "Yappli, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000112",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN66422035/index.html",
      "@id": "JVN#66422035",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2021-20873",
      "@id": "CVE-2021-20873",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20873",
      "@id": "CVE-2021-20873",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Android Apps developed using Yappli fails to restrict custom URL schemes properly"
}