CVE-2019-8791
MEDIUMShazam < 9.25.0 (Android) and < 12.11.0 (iOS) - Open Redirect via URL Scheme Parsing
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-8791. PoCs published by ashleykinguk.
Description
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
Exploits (1)
nomisec
NO CODE
1 stars
by ashleykinguk · poc
https://github.com/ashleykinguk/Shazam-CVE-2019-8791-CVE-2019-8792
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210744
Vendor Advisory x_refsource_misc
https://support.apple.com/HT210745
Scores
CVSS v3
6.1
EPSS
0.0036
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
apple/shazam
< 12.11.0
apple/shazam
< 9.25.0
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026