CVE-2024-46962

EUVD-2024-42164
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
googleandroid
𝑥
≤ 2.0
ADP
Common Weakness Enumeration
References
https://github.com/actuator/com.downloader.video.fast/blob/main/CVE-2024-46962
https://play.google.com/store/apps/details?id=com.downloader.video.fast