Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Related CVEs

CVE-2023-6542

Key Information

GHSA ID

GHSA-v9m4-696p-qh68

Published

December 12, 2023 3:31 AM

Last Modified

December 12, 2023 3:31 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 8, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.