Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bytedance TikTok 安全漏洞
Vulnerability Description
Bytedance TikTok(抖音国际版)是中国字节跳动(Bytedance)公司的一款用于创建和分享短视频的应用程序。 TikTok 23.8.4之前版本存在安全漏洞,该漏洞源于精心制作的 URL(未经验证的深层链接)可以强制 com.zhiliaoapp.musically WebView 加载任意网站。攻击者利用该漏洞通过附加的 JavaScript 界面一键进行接管。
CVSS Information
N/A
Vulnerability Type
N/A