Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks #124

Open
luchua-bc opened this issue Jun 12, 2020 · 2 comments
Labels

Comments

@luchua-bc
Copy link

@luchua-bc luchua-bc commented Jun 12, 2020

CVE ID(s)

List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.

Report

Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
Android WebViews that allow loading urls controlled by external inputs and whose JavaScript interface is enabled are potentially vulnerable to cross-site scripting and sensitive resource disclosure attacks.

In addition, WebViews whose settings have setAllowFileAccessFromFileURLs or setAllowUniversalAccessFromFileURLs enabled are extremely vulnerable to cross-site scripting attacks, either accessing arbitrary local files including WebView cookies, session tokens, and private app data or even credentials used on arbitrary web sites.

A new query has been created to handle these two scenarios. And a test case has been added to facilitate testing and future regression testing. Stubs of frequently accessed Android programs were added too, which facilitates the development of new Android related queries.

Related PR is #3706

  • Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing
@luchua-bc luchua-bc changed the title Java: CWE-749 Unsafe resource loading in Android WebView Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks Jun 18, 2020
@ghsecuritylab
Copy link
Collaborator

@ghsecuritylab ghsecuritylab commented Aug 17, 2020

Your submission is now in status SecLab review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

@ghsecuritylab
Copy link
Collaborator

@ghsecuritylab ghsecuritylab commented Sep 2, 2020

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.