CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-41898

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.1%

CVSS Severity

CVSS v3 Score 8.6

References

https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg
https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg

Products affected by CVE-2023-41898

Home-Assistant » Home Assistant Companion » Version: N/A

cpe:2.3:a:home-assistant:home_assistant_companion:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-41898

Products

Pricing

Contact Us