Home Assistant Companion
Approved changes feed: RSS · Atom
cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:android:*:*
part: a version: * update: *
| Vendor | Home Assistant (964de0e1-985d-58e8-aad7-9e8afb8d2985) |
|---|---|
| Product | Home Assistant Companion (47801561-4b07-5a5a-89c8-847ad78dca82) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | android |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/home-assistant/android |
purl2cpe | 2026-06-01 10:17:51.832914 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-41898 |
vulnerable | 2026-06-08 06:11:07.394745 |
Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
HIGH (8.6)
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.
Published: 2023-10-19T22:08:40.783Z
Updated: 2024-09-12T15:12:08.060Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.