Search criteria
14 vulnerabilities found for LINE Client for iOS by LINE Corporation
CVE-2024-5739 (GCVE-0-2024-5739)
Vulnerability from cvelistv5 – Published: 2024-06-12 07:00 – Updated: 2025-03-28 23:50
VLAI?
Summary
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
Severity ?
6.1 (Medium)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
14.0.0 , < 14.9.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:19:41.096728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T23:50:07.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2284129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "14.9.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "LOW",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T10:37:22.506Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://hackerone.com/reports/2284129"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2024-5739",
"datePublished": "2024-06-12T07:00:35.232Z",
"dateReserved": "2024-06-07T07:08:09.783Z",
"dateUpdated": "2025-03-28T23:50:07.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1735 (GCVE-0-2024-1735)
Vulnerability from cvelistv5 – Published: 2024-02-26 07:25 – Updated: 2025-08-26 20:01
VLAI?
Summary
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
Severity ?
9.1 (Critical)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | Armeria |
Affected:
0.69.0 , < 1.27.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "armeria",
"vendor": "linecorp",
"versions": [
{
"lessThan": "1.27.2",
"status": "affected",
"version": "0.69.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T21:31:51.106962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T20:01:39.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Armeria",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "1.27.2",
"status": "affected",
"version": "0.69.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T07:57:43.872Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2024-1735",
"datePublished": "2024-02-26T07:25:42.406Z",
"dateReserved": "2024-02-22T05:17:44.461Z",
"dateUpdated": "2025-08-26T20:01:39.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5554 (GCVE-0-2023-5554)
Vulnerability from cvelistv5 – Published: 2023-10-12 09:34 – Updated: 2024-09-18 17:50
VLAI?
Summary
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
Severity ?
4.8 (Medium)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE Client for iOS |
Affected:
13.12.0 , < 13.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2106827"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:49:17.224369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:50:42.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LINE Client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "13.16.0",
"status": "affected",
"version": "13.12.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T05:40:43.366Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"url": "https://hackerone.com/reports/2106827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2023-5554",
"datePublished": "2023-10-12T09:34:01.586Z",
"dateReserved": "2023-10-12T09:17:12.045Z",
"dateUpdated": "2024-09-18T17:50:42.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41568 (GCVE-0-2022-41568)
Vulnerability from cvelistv5 – Published: 2022-11-29 00:00 – Updated: 2025-04-25 17:21
VLAI?
Summary
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
Severity ?
7.5 (High)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1701642"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T17:21:11.086594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:21:40.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"url": "https://hackerone.com/reports/1701642"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2022-41568",
"datePublished": "2022-11-29T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-04-25T17:21:40.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41011 (GCVE-0-2021-41011)
Vulnerability from cvelistv5 – Published: 2021-09-22 15:07 – Updated: 2024-08-04 02:59
VLAI?
Summary
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1279524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T15:07:41",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1279524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-41011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "11.15.0",
"version_value": "\u003c"
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1279524",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1279524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-41011",
"datePublished": "2021-09-22T15:07:42",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36215 (GCVE-0-2021-36215)
Vulnerability from cvelistv5 – Published: 2021-09-08 17:50 – Updated: 2024-08-04 00:54
VLAI?
Summary
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<=
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1082991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c="
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T17:50:43",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1082991"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-36215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "10.21.3",
"version_value": "\u003c="
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1082991",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1082991"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-36215",
"datePublished": "2021-09-08T17:50:43",
"dateReserved": "2021-07-07T00:00:00",
"dateUpdated": "2024-08-04T00:54:50.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36214 (GCVE-0-2021-36214)
Vulnerability from cvelistv5 – Published: 2021-07-13 17:47 – Updated: 2024-08-04 00:54
VLAI?
Summary
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (CWE-79)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/988332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T17:47:37",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/988332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-36214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "10.16.3",
"version_value": "\u003c"
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/988332",
"refsource": "MISC",
"url": "https://hackerone.com/reports/988332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-36214",
"datePublished": "2021-07-13T17:47:37",
"dateReserved": "2021-07-07T00:00:00",
"dateUpdated": "2024-08-04T00:54:50.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5739 (GCVE-0-2024-5739)
Vulnerability from nvd – Published: 2024-06-12 07:00 – Updated: 2025-03-28 23:50
VLAI?
Summary
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
Severity ?
6.1 (Medium)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
14.0.0 , < 14.9.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:19:41.096728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T23:50:07.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2284129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "14.9.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "LOW",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T10:37:22.506Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://hackerone.com/reports/2284129"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2024-5739",
"datePublished": "2024-06-12T07:00:35.232Z",
"dateReserved": "2024-06-07T07:08:09.783Z",
"dateUpdated": "2025-03-28T23:50:07.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1735 (GCVE-0-2024-1735)
Vulnerability from nvd – Published: 2024-02-26 07:25 – Updated: 2025-08-26 20:01
VLAI?
Summary
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
Severity ?
9.1 (Critical)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | Armeria |
Affected:
0.69.0 , < 1.27.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "armeria",
"vendor": "linecorp",
"versions": [
{
"lessThan": "1.27.2",
"status": "affected",
"version": "0.69.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T21:31:51.106962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T20:01:39.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Armeria",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "1.27.2",
"status": "affected",
"version": "0.69.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T07:57:43.872Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2024-1735",
"datePublished": "2024-02-26T07:25:42.406Z",
"dateReserved": "2024-02-22T05:17:44.461Z",
"dateUpdated": "2025-08-26T20:01:39.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5554 (GCVE-0-2023-5554)
Vulnerability from nvd – Published: 2023-10-12 09:34 – Updated: 2024-09-18 17:50
VLAI?
Summary
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
Severity ?
4.8 (Medium)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE Client for iOS |
Affected:
13.12.0 , < 13.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2106827"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:49:17.224369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:50:42.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LINE Client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"lessThan": "13.16.0",
"status": "affected",
"version": "13.12.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T05:40:43.366Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"url": "https://hackerone.com/reports/2106827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2023-5554",
"datePublished": "2023-10-12T09:34:01.586Z",
"dateReserved": "2023-10-12T09:17:12.045Z",
"dateUpdated": "2024-09-18T17:50:42.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41568 (GCVE-0-2022-41568)
Vulnerability from nvd – Published: 2022-11-29 00:00 – Updated: 2025-04-25 17:21
VLAI?
Summary
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
Severity ?
7.5 (High)
CWE
- na
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1701642"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T17:21:11.086594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:21:40.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "na",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"url": "https://hackerone.com/reports/1701642"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2022-41568",
"datePublished": "2022-11-29T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-04-25T17:21:40.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41011 (GCVE-0-2021-41011)
Vulnerability from nvd – Published: 2021-09-22 15:07 – Updated: 2024-08-04 02:59
VLAI?
Summary
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1279524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T15:07:41",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1279524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-41011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "11.15.0",
"version_value": "\u003c"
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1279524",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1279524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-41011",
"datePublished": "2021-09-22T15:07:42",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36215 (GCVE-0-2021-36215)
Vulnerability from nvd – Published: 2021-09-08 17:50 – Updated: 2024-08-04 00:54
VLAI?
Summary
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<=
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1082991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c="
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T17:50:43",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1082991"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-36215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "10.21.3",
"version_value": "\u003c="
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1082991",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1082991"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-36215",
"datePublished": "2021-09-08T17:50:43",
"dateReserved": "2021-07-07T00:00:00",
"dateUpdated": "2024-08-04T00:54:50.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36214 (GCVE-0-2021-36214)
Vulnerability from nvd – Published: 2021-07-13 17:47 – Updated: 2024-08-04 00:54
VLAI?
Summary
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (CWE-79)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LINE Corporation | LINE client for iOS |
Affected:
<
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/988332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LINE client for iOS",
"vendor": "LINE Corporation",
"versions": [
{
"status": "affected",
"version": "\u003c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T17:47:37",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LINE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/988332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "dl_cve@linecorp.com",
"ID": "CVE-2021-36214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE client for iOS",
"version": {
"version_data": [
{
"version_affected": "10.16.3",
"version_value": "\u003c"
}
]
}
}
]
},
"vendor_name": "LINE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/988332",
"refsource": "MISC",
"url": "https://hackerone.com/reports/988332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LINE",
"cveId": "CVE-2021-36214",
"datePublished": "2021-07-13T17:47:37",
"dateReserved": "2021-07-07T00:00:00",
"dateUpdated": "2024-08-04T00:54:50.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}