Search
Find a vulnerability
Search criteria
5 vulnerabilities found for shazam by apple
VAR-201912-0107
Vulnerability from variot - Updated: 2024-11-23 22:55An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. Shazam is a music playback application. The program has functions such as music recognition and playback
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0107",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "shazam",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.25.0"
},
{
"model": "shazam",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.11.0"
},
{
"model": "shazam",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.11.0 (ios 10 or later )"
},
{
"model": "shazam",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.25.0 (android : 9.24.1)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:shazam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
}
]
},
"cve": "CVE-2019-8791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-8791",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-160226",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-8791",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-8791",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-8791",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-8791",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-855",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160226",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-8791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. Shazam is a music playback application. The program has functions such as music recognition and playback",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "VULMON",
"id": "CVE-2019-8791"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8791",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03586",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160226",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-8791",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"id": "VAR-201912-0107",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160226"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:55:20.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT210744",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210744"
},
{
"title": "HT210745",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT210745"
},
{
"title": "HT210744",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT210744"
},
{
"title": "HT210745",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT210745"
},
{
"title": "Shazam Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106372"
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht210744"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht210745"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8791"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8791"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210745"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/601.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160226"
},
{
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160226"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"date": "2019-12-18T18:15:41.647000",
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-02T00:00:00",
"db": "VULHUB",
"id": "VHN-160226"
},
{
"date": "2020-01-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-8791"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013751"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-855"
},
{
"date": "2024-11-21T04:50:28.923000",
"db": "NVD",
"id": "CVE-2019-8791"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shazam Android and Shazam iOS In the application URL Scheme analysis vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-855"
}
],
"trust": 0.6
}
}
CVE-2019-8792 (GCVE-0-2019-8792)
Vulnerability from nvd – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31
VLAI
Summary
An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted URL may lead to arbitrary javascript code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210744 | x_refsource_MISC |
| https://support.apple.com/HT210745 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Shazam-Android |
Affected:
unspecified , < Shazam Android App Version 9.25.0
(custom)
|
|
| Apple | Shazam-iOS |
Affected:
unspecified , < Shazam iOS App Version 12.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shazam-Android",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam Android App Version 9.25.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Shazam-iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam iOS App Version 12.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted URL may lead to arbitrary javascript code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:23.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shazam-Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam Android App Version 9.25.0"
}
]
}
},
{
"product_name": "Shazam-iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam iOS App Version 12.11.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted URL may lead to arbitrary javascript code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210744",
"refsource": "MISC",
"url": "https://support.apple.com/HT210744"
},
{
"name": "https://support.apple.com/HT210745",
"refsource": "MISC",
"url": "https://support.apple.com/HT210745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8792",
"datePublished": "2019-12-18T17:33:23.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8791 (GCVE-0-2019-8791)
Vulnerability from nvd – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31
VLAI
Summary
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted URL may lead to an open redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210744 | x_refsource_MISC |
| https://support.apple.com/HT210745 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Shazam-Android |
Affected:
unspecified , < Shazam Android App Version 9.25.0
(custom)
|
|
| Apple | Shazam-iOS |
Affected:
unspecified , < Shazam iOS App Version 12.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shazam-Android",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam Android App Version 9.25.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Shazam-iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam iOS App Version 12.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted URL may lead to an open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:23.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shazam-Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam Android App Version 9.25.0"
}
]
}
},
{
"product_name": "Shazam-iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam iOS App Version 12.11.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted URL may lead to an open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210744",
"refsource": "MISC",
"url": "https://support.apple.com/HT210744"
},
{
"name": "https://support.apple.com/HT210745",
"refsource": "MISC",
"url": "https://support.apple.com/HT210745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8791",
"datePublished": "2019-12-18T17:33:23.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8792 (GCVE-0-2019-8792)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31
VLAI
Summary
An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted URL may lead to arbitrary javascript code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210744 | x_refsource_MISC |
| https://support.apple.com/HT210745 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Shazam-Android |
Affected:
unspecified , < Shazam Android App Version 9.25.0
(custom)
|
|
| Apple | Shazam-iOS |
Affected:
unspecified , < Shazam iOS App Version 12.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shazam-Android",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam Android App Version 9.25.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Shazam-iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam iOS App Version 12.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted URL may lead to arbitrary javascript code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:23.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shazam-Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam Android App Version 9.25.0"
}
]
}
},
{
"product_name": "Shazam-iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam iOS App Version 12.11.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted URL may lead to arbitrary javascript code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210744",
"refsource": "MISC",
"url": "https://support.apple.com/HT210744"
},
{
"name": "https://support.apple.com/HT210745",
"refsource": "MISC",
"url": "https://support.apple.com/HT210745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8792",
"datePublished": "2019-12-18T17:33:23.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8791 (GCVE-0-2019-8791)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:31
VLAI
Summary
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
Severity
No CVSS data available.
CWE
- Processing a maliciously crafted URL may lead to an open redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT210744 | x_refsource_MISC |
| https://support.apple.com/HT210745 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Shazam-Android |
Affected:
unspecified , < Shazam Android App Version 9.25.0
(custom)
|
|
| Apple | Shazam-iOS |
Affected:
unspecified , < Shazam iOS App Version 12.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT210745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shazam-Android",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam Android App Version 9.25.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Shazam-iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "Shazam iOS App Version 12.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted URL may lead to an open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:33:23.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT210745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shazam-Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam Android App Version 9.25.0"
}
]
}
},
{
"product_name": "Shazam-iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Shazam iOS App Version 12.11.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted URL may lead to an open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT210744",
"refsource": "MISC",
"url": "https://support.apple.com/HT210744"
},
{
"name": "https://support.apple.com/HT210745",
"refsource": "MISC",
"url": "https://support.apple.com/HT210745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8791",
"datePublished": "2019-12-18T17:33:23.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}