본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-9140 | Happypoint mobile application information disclosure vulnerability2019.08.01
□ Overview

 o SPC CLOUD Co,Ltd released security update to address information disclosure vulnerability in Happypoint mobile Application.

Vulnerability Type

Impact

Severity

CVE ID

Code Injection

Information

disclosure

High

CVE-2019-9140

 

□ Description

 o When processing Deeplink scheme, Happypoint app doesn't check Deeplink URL correctly. This could leads to javascript code execution, url redirection, sensitive information disclosure.
An attacker can exploit this issue by enticing an unsuspecting user to open a malicious URL.

 

□ Affected Product

Product

Version

PlatForm

Happypoint

6.3.19 and prior

Android

 

□ Solution

 o Happypoint version 6.4.1 in Google Play store addresses these issues and users should update to that version.

 

□ Reference site

https://play.google.com/store/apps/details?id=com.hpapp&hl=ko

 

□ Acknowledgements

 o Thanks to Taejin Jang for reporting this vulerability.