CVE-2019-1995
Published: Feb 28, 2019
Modified: Sep 16, 2024
Description
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229.
| Vendor | Product | Versions |
|---|---|---|
Android | Android | affected Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now