Insecure Input Verification in Cat Runner Decorate Home API

Insecure Input Verification in Cat Runner Decorate Home API

CVE-2019-13097 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.

Learn more about our Cis Benchmark Audit For Google Android.