CVE-2021-20873 Vulnerability Details

  /     /     /  

CVE-2021-20873 Metadata Quick Info

CVE Published: 28/12/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: jpcert | Vendor: Yappli, Inc. | Product: Yappli
Status : PUBLISHED

---

CVE-2021-20873 Description

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Authorization in Handler for Custom URL Scheme
Source: Yappli, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).