The GitHub Security Lab team has identified a potential security vulnerability in Home Assistant Companion for Android.
Summary
The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables a range of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft.
Credit
This issue was discovered and reported by the GitHub CodeQL team member @atorralba (Tony Torralba).
GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-142