漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Vulnerability Description
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Home Assistant 代码注入漏洞
Vulnerability Description
Home Assistant是一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant 2023.9.2之前版本存在安全漏洞,该漏洞源于WebView中存在任意URL加载问题。攻击者可利用该漏洞进行任意JavaScript执行、有限的本地代码执行和凭据盗窃等操作。
CVSS Information
N/A
Vulnerability Type
N/A