Second-Order Alert: Incorrectly Allowing Internal Links to Utilize App Scheme for Deeplinking Could Bypass URL Safety Checks
CVE-2024-10474
6.5MEDIUM
Summary
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
Affected Version(s)
Focus for iOS < 132
Refferences
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
James Lee