CVE-2023-42580

3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 41.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Galaxy Store
Timeline
PublishedDec 5

Description

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

NVDsamsung/galaxy_store< 4.5.64.4

🔴Vulnerability Details

2
GHSA
GHSA-25hr-xcqp-fjjc: Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 42023-12-05
CVEList
CVE-2023-42580: Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 42023-12-05
CVE-2023-42580 (CRITICAL CVSS 9.8) | Improper URL validation from MCSLau | cvebase.io