CVE-2021-20873

HIGH

Yappli 7.3.6-9.29.9 - Unauthenticated Open Redirect via Custom URL Scheme Handler

Title source: llm
STIX 2.1

Description

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN66422035/index.html

Scores

CVSS v3 8.1
EPSS 0.0084
EPSS Percentile 53.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
yappli/yappli 7.3.6 - 9.30.0
Published Dec 28, 2021
Tracked Since Feb 18, 2026