Webview in LINE client for iOS will render application/octet-stream files as HTML
Medium
LY Corporation
Team Summary
Official summary from LY Corporation
Due to a misconfiguration in the webview of the LINE client for iOS, data with the header "Content-type" set to "application/octet-stream" was treated as HTML. This could lead to malicious JavaScript execution, resulting in a cross-site scripting attack.
Reported by
s5s
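A client-side guard against the failure described in the summary, as an added example that is not LINE's code and not part of the report: a hypothetical `WKNavigationDelegate` (`StrictMIMENavigationDelegate`, with an assumed allowlist) that cancels any response whose declared `Content-Type` is not a type the app means to render, so `application/octet-stream` is never displayed as a page. The report does not say what the misconfiguration was, so this is a general check, not the vendor's fix.

```swift
import Foundation
import WebKit

// Added example: hypothetical class name and allowlist, not taken from the report.
final class StrictMIMENavigationDelegate: NSObject, WKNavigationDelegate {

    // Media types the app is willing to render inline (assumed policy).
    private let renderable: Set<String> = [
        "text/html", "application/xhtml+xml", "text/plain",
        "image/png", "image/jpeg", "image/gif"
    ]

    // Extract the bare media type from a Content-Type header value,
    // e.g. "Text/HTML; charset=utf-8" -> "text/html".
    private func mediaType(from header: String?) -> String? {
        guard let first = header?.split(separator: ";").first else { return nil }
        let value = first.trimmingCharacters(in: .whitespaces).lowercased()
        return value.isEmpty ? nil : value
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationResponse: WKNavigationResponse,
                 decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
        // Use the header the server actually sent. URLResponse.mimeType can be
        // a guess when the header is missing, so it is not used for the decision.
        // value(forHTTPHeaderField:) requires iOS 13 or later.
        let http = navigationResponse.response as? HTTPURLResponse
        let declared = mediaType(from: http?.value(forHTTPHeaderField: "Content-Type"))

        // Fail closed: non-HTTP responses, a missing header, or a type outside
        // the allowlist (including application/octet-stream) are not rendered.
        guard let type = declared,
              renderable.contains(type),
              navigationResponse.canShowMIMEType else {
            decisionHandler(.cancel)
            return
        }
        decisionHandler(.allow)
    }
}
```

Assign an instance to the web view's `navigationDelegate` and keep a strong reference to it, because that property is weak.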
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Weakness
Improper Access Control - Generic