RSS   Vulnerabilities for 'Retty'   RSS

2021-07-14
 
CVE-2021-20747

CWE-862
 

 
Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

 
 
CVE-2021-20748

CWE-798
 

 
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

 


Copyright 2021, cxsecurity.com

 

Back to Top