CVE-2019-8791
First published: Wed Dec 18 2019(Updated: )
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Shazam | <9.25.0 | |
| Apple Shazam | <12.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-8791?
CVE-2019-8791 is considered a medium severity vulnerability due to its potential for open redirect exploitation.
How do I fix CVE-2019-8791?
To fix CVE-2019-8791, update to Shazam Android App Version 9.25.0 or Shazam iOS App Version 12.11.0.
What types of devices are affected by CVE-2019-8791?
CVE-2019-8791 affects Shazam on both iOS and Android devices running prior versions of the app.
What is the impact of CVE-2019-8791?
The impact of CVE-2019-8791 includes the risk of attackers redirecting users to malicious sites via crafted URLs.
When was CVE-2019-8791 reported?
CVE-2019-8791 was reported in 2019, highlighting vulnerabilities within the URL parsing mechanism of the Shazam app.
- agent/references
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/apple
- canonical/apple shazam