Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
Vulnerability Description
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Home Assistant 代码注入漏洞
Vulnerability Description
Home Assistant是一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant 2023.9.2之前版本存在安全漏洞,该漏洞源于WebView中存在任意URL加载问题。攻击者可利用该漏洞进行任意JavaScript执行、有限的本地代码执行和凭据盗窃等操作。
CVSS Information
N/A
Vulnerability Type
N/A