CVE-2023-6542

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-6542

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6542.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6542

Published

2023-12-12T02:15:09.347Z

Modified

2026-04-10T05:08:03.887618Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

References

Affected packages

Git / github.com/emartech/android-emarsys-sdk

Affected ranges

Type

GIT

Repo

https://github.com/emartech/android-emarsys-sdk

Events

Introduced

Last affected

5505560369569e48506910044c1dc8a6bcd20609

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.2"
        }
    ]
}

Affected versions

1.*

1.99.0

2.*

2.0.0

2.0.1

2.1.0

2.10.0

2.11.0

2.11.1

2.12.0

2.12.1

2.13.0

2.14.0

2.14.1

2.14.2

2.14.3

2.15.0

2.16.0

2.2.0

2.3.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.6.1

2.7.0

2.8.0

2.9.0

2.9.1

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.3.0

3.3.1

3.4.0

3.5.0

3.5.1

3.5.3

3.6.0

3.6.1

3.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6542.json"