CVE-2023-4435

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

20/08/2023

Last modified:

25/08/2023

Description

Improper Input Validation in GitHub repository hamza417/inure prior to build88.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

5.50

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:hamza417:inure::::::android::*		build88 (excluding)

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd
https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276