Medium severity5.9NVD Advisory· Published May 18, 2017· Updated May 13, 2026

CVE-2017-9045

Description

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.

Affected products

Google/Google I\/o 2017
cpe:2.3:a:google:google_i\/o_2017:*:*:*:*:*:*:*:*
Range: <=5.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wwws.nightwatchcybersecurity.com/2017/05/17/advisory-google-io-2017-android-app/nvdExploitThird Party Advisory
www.securityfocus.com/bid/98549nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000