CVE-2019-20801

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/05/2020
Last modified:
21/07/2021

Description

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:readdle:documents:*:*:*:*:*:iphone_os:*:* 6.9.7 (excluding)