Design/Logic Flaw

2018-04-0416:29:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

CPENameOperatorVersion
androideq7.1.2
androideq6.0.1
androideq6.0
androideq7.0
androideq8.0
androideq7.1.1
androideq8.1

Name	Operator	Version
android	eq	7.1.2
android	eq	6.0.1
android	eq	6.0
android	eq	7.0
android	eq	8.0
android	eq	7.1.1
android	eq	8.1

References

source.android.com/security/bulletin/2018-04-01