LINE client for iOS
by Linecorp
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41568 | Hig | 0.49 | 7.5 | 0.01 | Nov 29, 2022 | LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. | ||
| CVE-2021-41011 | Hig | 0.49 | 7.5 | 0.01 | Sep 22, 2021 | LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. | ||
| CVE-2026-3861 | Med | 0.42 | 6.5 | 0.00 | Apr 16, 2026 | LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become… | ||
| CVE-2024-5739 | Med | 0.40 | 6.1 | 0.00 | Jun 12, 2024 | The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site… | ||
| CVE-2021-36214 | Med | 0.40 | 6.1 | 0.01 | Jul 13, 2021 | LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. | ||
| CVE-2021-36215 | Med | 0.35 | 5.3 | 0.01 | Sep 8, 2021 | LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. | ||
| CVE-2023-5554 | Med | 0.31 | 4.8 | 0.00 | Oct 12, 2023 | Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0. | ||
| CVE-2025-14022 | 0.00 | — | 0.00 | Dec 15, 2025 | LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a… |
- risk 0.49cvss 7.5epss 0.01
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
- risk 0.49cvss 7.5epss 0.01
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
- risk 0.42cvss 6.5epss 0.00
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become…
- risk 0.40cvss 6.1epss 0.00
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site…
- risk 0.40cvss 6.1epss 0.01
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
- risk 0.35cvss 5.3epss 0.01
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.
- risk 0.31cvss 4.8epss 0.00
Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0.
- CVE-2025-14022Dec 15, 2025risk 0.00cvss —epss 0.00
LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a…