Vulnerability Details CVE-2020-15165
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v3 Score 9.3
CVSS v2 Score 6.4
References
- https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8q77-7hq8-f7g6
- https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugger&hl=en_US
- https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8q77-7hq8-f7g6
- https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugger&hl=en_US
Products affected by CVE-2020-15165
-
cpe:2.3:a:chameleon_mini_live_debugger_project:chameleon_mini_live_debugger:1.1.6