CVE-2019-2211

HIGH

Android 8.0-10 - SQL Injection in TvProvider.java

Title source: llm
STIX 2.1

Description

In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269669

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0067
EPSS Percentile 47.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Nov 13, 2019
Tracked Since Feb 18, 2026