回答済み

High Veracode flaw in Pendo SDK at PendoYoutubePlayer

Hi Pendo community,

 

I have had a Veracode scan for all of my apps (around 10+). 7 android apps are showing a High flaw that using addJavaScriptInterface() at PendoYoutubePlayer.

The High flaw states that a Dangerous method is exposed at PendoYouttubePlayer class. Use of this method before Android SDK revision 17 is dangerous.

May I know is there any minimum SDK added for Android Pendo SDK library?

Does Pendo aware of this high Veracode flaw.

Are there any plans on this to fix? Or Do I have to do anything from my side?

Thanks,

ravikumargv

0

コメント

3件のコメント
  • 正式なコメント

    The minimum SDK to use the Pendo library is 21.
    So looks like a false positive, because your android app can not use Pendo if the minimum SDK is below 21 and reading your comments the flaw applies to SDK below 17

  • 0
  • Thanks David Faerman for your reply. 

    All of my apps are using minSDK version as 21 only.

    I will look from here.

     

    Thanks.

    0

サインインしてコメントを残してください。

お探しのものを見つけられませんでしたか?

新規投稿