CVE-2019-13097

HIGH

Cat Runner Decorate Home 2.8.0 - Score Parameter Manipulation via Insufficient Input Validation

Title source: llm
STIX 2.1

Description

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/WkkGk0tw
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=u5iEeLZnYVg

Scores

CVSS v3 7.5
EPSS 0.0137
EPSS Percentile 68.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
cat_runner\/_decorate_home_project cat_runner\ _decorate_home
Published Jul 22, 2019
Tracked Since Feb 18, 2026