CVE-2022-4903 – com.codenameone:codenameone-core

Package

Manager: maven
Name: com.codenameone:codenameone-core
Vulnerable Version: >=0 <7.0.71

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00044 pctl0.12779

Details

CodenameOne Pending Intent vulnerability A vulnerability was found in CodenameOne 7.0.70. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component.

Metadata

Created: 2023-02-10T15:30:28Z
Modified: 2024-01-16T15:57:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-p6xq-9h8r-v544/GHSA-p6xq-9h8r-v544.json
CWE IDs: ["CWE-668", "CWE-927"]
Alternative ID: GHSA-p6xq-9h8r-v544
Finding: F017
Auto approve: 1