How severe is CVE-2022-2390?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2022-2390?

This is classified as CWE-471, which is a common weakness in software security.

CVE-2022-2390 - HIGH Severity | CVSS 8.4

Vulnerability Description

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps.

Related Vulnerabilities

CVE-2022-21824

HIGH

CVSS:8.2(High)

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with...

CWE-4712022

CVE-2020-26237

HIGH

CVSS:8.7(High)

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will r...

CWE-4712020

CVE-2018-3719

HIGH

CVSS:8.8(High)

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing...

CWE-4712018

CVE-2018-3720

HIGH

CVSS:8.8(High)

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causin...

CWE-4712018

CVE-2018-3722

HIGH

CVSS:8.8(High)

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing...

CWE-4712018

CVE-2018-3723

HIGH

CVSS:8.8(High)

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, caus...

CWE-4712018