Vulnerability Details : CVE-2021-20873
Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.
Products affected by CVE-2021-20873
- cpe:2.3:a:yappli:yappli:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20873
- 0.19%: probability of exploitation activity in the next 30 days
- ~ 57 %: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2021-20873
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20873
- https://support.yappli.co.jp/hc/ja/articles/4410249902745 (Security check; Vendor Advisory)
- https://jvn.jp/en/jp/JVN66422035/index.html (JVN#66422035: Android Apps developed using Yappli fails to restrict custom URL schemes properly; Third Party Advisory)