ID HACKAPP:COM.ZYNGA.FATPEBBLE.CLAYJAM.APK
Type hackapp
Reporter Hackapp.org
Modified 2016-04-01T09:42:36
Description
HackApp vulnerability scanner discovered that application Clay Jam published at the 'play' market has multiple vulnerabilities.
{"cvelist": [], "published": "2016-04-01T09:42:36", "bulletinFamily": "software", "objectVersion": "1.2", "href": "https://hackapp.com/report/aef4a44a39321cb51ad1bbe86e53e5ae", "lastseen": "2016-09-26T20:43:26", "id": "HACKAPP:COM.ZYNGA.FATPEBBLE.CLAYJAM.APK", "hackapp": {"link": "https://play.google.com/store/apps/details?id=com.zynga.fatpebble.clayjam&hl=en", "bugs": [{"description": "Native code (.so) usage 'System.loadLibrary();' is found.", "severity": "notice", "id": "33d820080f9d6781b5cdf83e7c921d48", "name": "Native code usage"}, {"description": "\n\t\t\tCheck certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.\n\t\t\t", "severity": "critical", "id": "a9b0570f28de26ece0e630e5354b8369", "name": "Customized SSL"}, {"description": "Control of WebView context allows to access local files.\n\t\t\t", "severity": "medium", "id": "589a007a7716d4a0bf564e48a913e917", "name": "WebView files access"}, {"description": "Can't parse these files. Corrupted? Check manually.", "severity": "notice", "id": "04c804fbf2ff005ae51066e198f3ed56", "name": "Corrupted files"}, {"description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "severity": "medium", "id": "e67877fc2eef05918aa0ed609d2588ea", "name": "WebView JavaScript enabled"}, {"description": "Are you sure these files should be here?", "severity": "notice", "id": "00219eb2f5da4990bc7c37dea38de461", "name": "Suspicious files"}, {"description": "SD-cards and other external storages have 'worldwide read' policy.", "severity": "medium", "id": "06d31400dc9178b9f6ab41a47bb5e346", "name": "SD-card access"}, {"description": "Were do they point?", "severity": "notice", "id": "e255d4a8553bbf20dd99fcc0e2a854cf", "name": "External URLs"}, {"description": "All items deleted with 'file.delete()' could be recovered.", "severity": "notice", "id": "eed8afcf2602d942dc3edcb8b2b880eb", "name": "Unsafe deleting"}], "vendor": "Fat Pebble", "release": "2014-12-16T00:00:00", "version": "N/A", "apk": "COM.ZYNGA.FATPEBBLE.CLAYJAM.APK", "store": "play", "name": "Clay Jam", "icon": "http://lh3.ggpht.com/rfKRFoP6VxQgdhCsu7Ykgm4hvNB6MUPeylF6wCZ5-Cf__DWadOk33gWiKFWJ23j619w=w300"}, "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=com.zynga.fatpebble.clayjam&hl=en"], "hashmap": [{"hash": "595a3f4675fb08073ad4e60ddc6c6747", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d0d2fffaea4181b6b490a8805f3c6183", "key": "description"}, {"hash": "071ad4d601f7358872a9e888ac95e61d", "key": "hackapp"}, {"hash": "a17d1e2ccc19182e1d86eb53f46d486b", "key": "href"}, {"hash": "311854156070c5bc0f0d173cd00be259", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "311854156070c5bc0f0d173cd00be259", "key": "published"}, {"hash": "8f338f83d558f3f556e8a9dd621c39b9", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "762662f2ee5ffea0d0fa732fa51b3338", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "description": "HackApp vulnerability scanner discovered that application Clay Jam published at the 'play' market has multiple vulnerabilities.", "modified": "2016-04-01T09:42:36", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "type": "hackapp", "affectedSoftware": [{"name": "Clay Jam", "operator": "le", "version": "N/A"}], "title": "Clay Jam - Corrupted files, Customized SSL, External URLs vulnerabilities", "hash": "9fee5df45c79a2fafc0be528848cc40c207f0340005eb3edd3ac22f87bd3c1c1", "history": [], "edition": 1, "enchantments": {"vulnersScore": 8.3}}
{"result": {}}