{"published": "2016-04-01T09:42:36", "id": "HACKAPP:COM.ZYNGA.FATPEBBLE.CLAYJAM.APK", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "hash": "9fee5df45c79a2fafc0be528848cc40c207f0340005eb3edd3ac22f87bd3c1c1", "description": "HackApp vulnerability scanner discovered that application Clay Jam published at the 'play' market has multiple vulnerabilities.", "type": "hackapp", "lastseen": "2016-09-26T20:43:26", "edition": 1, "hackapp": {"version": "N/A", "store": "play", "release": "2014-12-16T00:00:00", "apk": "COM.ZYNGA.FATPEBBLE.CLAYJAM.APK", "name": "Clay Jam", "icon": "http://lh3.ggpht.com/rfKRFoP6VxQgdhCsu7Ykgm4hvNB6MUPeylF6wCZ5-Cf__DWadOk33gWiKFWJ23j619w=w300", "link": "https://play.google.com/store/apps/details?id=com.zynga.fatpebble.clayjam&hl=en", "vendor": "Fat Pebble", "bugs": [{"name": "Native code usage", "id": "33d820080f9d6781b5cdf83e7c921d48", "severity": "notice", "description": "Native code (.so) usage 'System.loadLibrary();' is found."}, {"name": "Customized SSL", "id": "a9b0570f28de26ece0e630e5354b8369", "severity": "critical", "description": "\n\t\t\tCheck certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.\n\t\t\t"}, {"name": "WebView files access", "id": "589a007a7716d4a0bf564e48a913e917", "severity": "medium", "description": "Control of WebView context allows to access local files.\n\t\t\t"}, {"name": "Corrupted files", "id": "04c804fbf2ff005ae51066e198f3ed56", "severity": "notice", "description": "Can't parse these files. Corrupted? Check manually."}, {"name": "WebView JavaScript enabled", "id": "e67877fc2eef05918aa0ed609d2588ea", "severity": "medium", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks."}, {"name": "Suspicious files", "id": "00219eb2f5da4990bc7c37dea38de461", "severity": "notice", "description": "Are you sure these files should be here?"}, {"name": "SD-card access", "id": "06d31400dc9178b9f6ab41a47bb5e346", "severity": "medium", "description": "SD-cards and other external storages have 'worldwide read' policy."}, {"name": "External URLs", "id": "e255d4a8553bbf20dd99fcc0e2a854cf", "severity": "notice", "description": "Were do they point?"}, {"name": "Unsafe deleting", "id": "eed8afcf2602d942dc3edcb8b2b880eb", "severity": "notice", "description": "All items deleted with 'file.delete()' could be recovered."}]}, "title": "Clay Jam - Corrupted files, Customized SSL, External URLs vulnerabilities", "href": "https://hackapp.com/report/aef4a44a39321cb51ad1bbe86e53e5ae", "modified": "2016-04-01T09:42:36", "bulletinFamily": "software", "viewCount": 0, "cvelist": [], "affectedSoftware": [{"version": "N/A", "name": "Clay Jam", "operator": "le"}], "references": ["https://play.google.com/store/apps/details?id=com.zynga.fatpebble.clayjam&hl=en"], "reporter": "Hackapp.org", "hashmap": [{"hash": "595a3f4675fb08073ad4e60ddc6c6747", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d0d2fffaea4181b6b490a8805f3c6183", "key": "description"}, {"hash": "071ad4d601f7358872a9e888ac95e61d", "key": "hackapp"}, {"hash": "a17d1e2ccc19182e1d86eb53f46d486b", "key": "href"}, {"hash": "311854156070c5bc0f0d173cd00be259", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "311854156070c5bc0f0d173cd00be259", "key": "published"}, {"hash": "8f338f83d558f3f556e8a9dd621c39b9", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "762662f2ee5ffea0d0fa732fa51b3338", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "objectVersion": "1.2"}

{}