The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00243
Percentile: 0.47512

CVSS Scoring

Affected Products

• cpe:2.3:a:metaclassy:byword:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:metaclassy:byword:2.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:metaclassy:byword:2.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:metaclassy:byword:2.0.3:*:*:*:*:*:*:*

← Back to Home