Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for LINE client for iOS by LINE Corporation

    CVE-2026-3861 (GCVE-0-2026-3861)

    Vulnerability from nvd – Published: 2026-04-16 05:54 – Updated: 2026-05-22 05:00
    VLAI
    Summary
    LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LY Corporation LINE client for iOS Unaffected: 26.3.0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:16:15.191045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:31:11.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LINE client for iOS",
              "vendor": "LY Corporation",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T05:00:53.312Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3422905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2026-3861",
        "datePublished": "2026-04-16T05:54:05.194Z",
        "dateReserved": "2026-03-10T05:02:39.735Z",
        "dateUpdated": "2026-05-22T05:00:53.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14023 (GCVE-0-2025-14023)

    Vulnerability from nvd – Published: 2025-12-15 06:45 – Updated: 2026-01-07 15:10
    VLAI
    Summary
    LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.0.0 , < 15.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T18:23:07.942451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T15:10:15.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "permissions-required"
                ],
                "url": "https://hackerone.com/reports/3260386"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "15.19",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser\u0027s user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 3.1,
                "environmentalSeverity": "LOW",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 3.1,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:45:23.025Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3260386"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14023",
        "datePublished": "2025-12-15T06:45:23.025Z",
        "dateReserved": "2025-12-04T11:45:06.869Z",
        "dateUpdated": "2026-01-07T15:10:15.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14022 (GCVE-0-2025-14022)

    Vulnerability from nvd – Published: 2025-12-15 06:43 – Updated: 2026-01-07 15:07
    VLAI
    Summary
    LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 15.3 , < 15.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T18:37:27.672507Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T15:07:56.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "15.4",
                  "status": "affected",
                  "version": "15.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application\u0027s network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.7,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "LOW",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:43:47.276Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2853445"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14022",
        "datePublished": "2025-12-15T06:43:47.276Z",
        "dateReserved": "2025-12-04T11:45:01.936Z",
        "dateUpdated": "2026-01-07T15:07:56.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14021 (GCVE-0-2025-14021)

    Vulnerability from nvd – Published: 2025-12-15 06:41 – Updated: 2025-12-15 15:49
    VLAI
    Summary
    The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.13 , < 14.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T15:48:45.634591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T15:49:07.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "14.14",
                  "status": "affected",
                  "version": "14.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 4.3,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:45:46.378Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2548498"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14021",
        "datePublished": "2025-12-15T06:41:37.992Z",
        "dateReserved": "2025-12-04T11:44:56.068Z",
        "dateUpdated": "2025-12-15T15:49:07.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5739 (GCVE-0-2024-5739)

    Vulnerability from nvd – Published: 2024-06-12 07:00 – Updated: 2025-03-28 23:50
    VLAI
    Summary
    The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.0.0 , < 14.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:19:41.096728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T23:50:07.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2284129"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "14.9.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.1,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 6.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-20T10:37:22.506Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2284129"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2024-5739",
        "datePublished": "2024-06-12T07:00:35.232Z",
        "dateReserved": "2024-06-07T07:08:09.783Z",
        "dateUpdated": "2025-03-28T23:50:07.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5554 (GCVE-0-2023-5554)

    Vulnerability from nvd – Published: 2023-10-12 09:34 – Updated: 2025-12-09 07:26
    VLAI
    Summary
    Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 13.12.0 , < 13.16.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2106827"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T17:49:17.224369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T17:50:42.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "13.16.0",
                  "status": "affected",
                  "version": "13.12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 4.8,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T07:26:14.524Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2106827"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2023-5554",
        "datePublished": "2023-10-12T09:34:01.586Z",
        "dateReserved": "2023-10-12T09:17:12.045Z",
        "dateUpdated": "2025-12-09T07:26:14.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-41568 (GCVE-0-2022-41568)

    Vulnerability from nvd – Published: 2022-11-29 00:00 – Updated: 2025-04-25 17:21
    VLAI
    Summary
    LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:41.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1701642"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:21:11.086594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:21:40.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/1701642"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2022-41568",
        "datePublished": "2022-11-29T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2025-04-25T17:21:40.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41011 (GCVE-0-2021-41011)

    Vulnerability from nvd – Published: 2021-09-22 15:07 – Updated: 2024-08-04 02:59
    VLAI
    Summary
    LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1279524 x_refsource_MISC
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1279524"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-22T15:07:41.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1279524"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "dl_cve@linecorp.com",
              "ID": "CVE-2021-41011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LINE client for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "11.15.0",
                                "version_value": "\u003c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LINE Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1279524",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1279524"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-41011",
        "datePublished": "2021-09-22T15:07:42.000Z",
        "dateReserved": "2021-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:59:31.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36215 (GCVE-0-2021-36215)

    Vulnerability from nvd – Published: 2021-09-08 17:50 – Updated: 2024-08-04 00:54
    VLAI
    Summary
    LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1082991 x_refsource_MISC
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1082991"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c="
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T17:50:43.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1082991"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "dl_cve@linecorp.com",
              "ID": "CVE-2021-36215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LINE client for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "10.21.3",
                                "version_value": "\u003c="
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LINE Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1082991",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1082991"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-36215",
        "datePublished": "2021-09-08T17:50:43.000Z",
        "dateReserved": "2021-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:54:50.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36214 (GCVE-0-2021-36214)

    Vulnerability from nvd – Published: 2021-07-13 17:47 – Updated: 2026-04-09 05:41
    VLAI
    Summary
    LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
    CWE
    • Improper Neutralization of Input During Web Page Generation (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: < , < 10.16.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/988332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "10.16.3",
                  "status": "affected",
                  "version": "\u003c",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.1,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 6.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T05:41:29.746Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/988332"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-36214",
        "datePublished": "2021-07-13T17:47:37.000Z",
        "dateReserved": "2021-07-07T00:00:00.000Z",
        "dateUpdated": "2026-04-09T05:41:29.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3861 (GCVE-0-2026-3861)

    Vulnerability from cvelistv5 – Published: 2026-04-16 05:54 – Updated: 2026-05-22 05:00
    VLAI
    Summary
    LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LY Corporation LINE client for iOS Unaffected: 26.3.0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:16:15.191045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:31:11.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LINE client for iOS",
              "vendor": "LY Corporation",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T05:00:53.312Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3422905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2026-3861",
        "datePublished": "2026-04-16T05:54:05.194Z",
        "dateReserved": "2026-03-10T05:02:39.735Z",
        "dateUpdated": "2026-05-22T05:00:53.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14023 (GCVE-0-2025-14023)

    Vulnerability from cvelistv5 – Published: 2025-12-15 06:45 – Updated: 2026-01-07 15:10
    VLAI
    Summary
    LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.0.0 , < 15.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T18:23:07.942451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T15:10:15.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "permissions-required"
                ],
                "url": "https://hackerone.com/reports/3260386"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "15.19",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser\u0027s user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 3.1,
                "environmentalSeverity": "LOW",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 3.1,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:45:23.025Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3260386"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14023",
        "datePublished": "2025-12-15T06:45:23.025Z",
        "dateReserved": "2025-12-04T11:45:06.869Z",
        "dateUpdated": "2026-01-07T15:10:15.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14022 (GCVE-0-2025-14022)

    Vulnerability from cvelistv5 – Published: 2025-12-15 06:43 – Updated: 2026-01-07 15:07
    VLAI
    Summary
    LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 15.3 , < 15.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T18:37:27.672507Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T15:07:56.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "15.4",
                  "status": "affected",
                  "version": "15.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application\u0027s network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.7,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "LOW",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:43:47.276Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2853445"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14022",
        "datePublished": "2025-12-15T06:43:47.276Z",
        "dateReserved": "2025-12-04T11:45:01.936Z",
        "dateUpdated": "2026-01-07T15:07:56.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14021 (GCVE-0-2025-14021)

    Vulnerability from cvelistv5 – Published: 2025-12-15 06:41 – Updated: 2025-12-15 15:49
    VLAI
    Summary
    The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.13 , < 14.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T15:48:45.634591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T15:49:07.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "14.14",
                  "status": "affected",
                  "version": "14.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 4.3,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T06:45:46.378Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2548498"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2025-14021",
        "datePublished": "2025-12-15T06:41:37.992Z",
        "dateReserved": "2025-12-04T11:44:56.068Z",
        "dateUpdated": "2025-12-15T15:49:07.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5739 (GCVE-0-2024-5739)

    Vulnerability from cvelistv5 – Published: 2024-06-12 07:00 – Updated: 2025-03-28 23:50
    VLAI
    Summary
    The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 14.0.0 , < 14.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:19:41.096728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T23:50:07.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2284129"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "14.9.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.1,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 6.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-20T10:37:22.506Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2284129"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LY-Corporation",
        "cveId": "CVE-2024-5739",
        "datePublished": "2024-06-12T07:00:35.232Z",
        "dateReserved": "2024-06-07T07:08:09.783Z",
        "dateUpdated": "2025-03-28T23:50:07.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5554 (GCVE-0-2023-5554)

    Vulnerability from cvelistv5 – Published: 2023-10-12 09:34 – Updated: 2025-12-09 07:26
    VLAI
    Summary
    Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: 13.12.0 , < 13.16.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2106827"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T17:49:17.224369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T17:50:42.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "13.16.0",
                  "status": "affected",
                  "version": "13.12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 4.8,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T07:26:14.524Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/2106827"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2023-5554",
        "datePublished": "2023-10-12T09:34:01.586Z",
        "dateReserved": "2023-10-12T09:17:12.045Z",
        "dateUpdated": "2025-12-09T07:26:14.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-41568 (GCVE-0-2022-41568)

    Vulnerability from cvelistv5 – Published: 2022-11-29 00:00 – Updated: 2025-04-25 17:21
    VLAI
    Summary
    LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • na
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:41.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1701642"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:21:11.086594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:21:40.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "na",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T00:00:00.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/1701642"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2022-41568",
        "datePublished": "2022-11-29T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2025-04-25T17:21:40.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41011 (GCVE-0-2021-41011)

    Vulnerability from cvelistv5 – Published: 2021-09-22 15:07 – Updated: 2024-08-04 02:59
    VLAI
    Summary
    LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1279524 x_refsource_MISC
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1279524"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-22T15:07:41.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1279524"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "dl_cve@linecorp.com",
              "ID": "CVE-2021-41011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LINE client for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "11.15.0",
                                "version_value": "\u003c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LINE Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1279524",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1279524"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-41011",
        "datePublished": "2021-09-22T15:07:42.000Z",
        "dateReserved": "2021-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:59:31.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36215 (GCVE-0-2021-36215)

    Vulnerability from cvelistv5 – Published: 2021-09-08 17:50 – Updated: 2024-08-04 00:54
    VLAI
    Summary
    LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1082991 x_refsource_MISC
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1082991"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c="
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T17:50:43.000Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LINE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1082991"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "dl_cve@linecorp.com",
              "ID": "CVE-2021-36215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LINE client for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "10.21.3",
                                "version_value": "\u003c="
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LINE Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1082991",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1082991"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-36215",
        "datePublished": "2021-09-08T17:50:43.000Z",
        "dateReserved": "2021-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:54:50.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36214 (GCVE-0-2021-36214)

    Vulnerability from cvelistv5 – Published: 2021-07-13 17:47 – Updated: 2026-04-09 05:41
    VLAI
    Summary
    LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
    CWE
    • Improper Neutralization of Input During Web Page Generation (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    LINE Corporation LINE client for iOS Affected: < , < 10.16.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/988332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LINE client for iOS",
              "vendor": "LINE Corporation",
              "versions": [
                {
                  "lessThan": "10.16.3",
                  "status": "affected",
                  "version": "\u003c",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.1,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 6.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T05:41:29.746Z",
            "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
            "shortName": "LY-Corporation"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/988332"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
        "assignerShortName": "LINE",
        "cveId": "CVE-2021-36214",
        "datePublished": "2021-07-13T17:47:37.000Z",
        "dateReserved": "2021-07-07T00:00:00.000Z",
        "dateUpdated": "2026-04-09T05:41:29.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }