{"id":"CVE-2020-22475","details":"\"Tasks\" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.","modified":"2026-04-11T20:41:44.292162Z","published":"2021-02-22T17:15:12.207Z","references":[{"type":"FIX","url":"https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/49563"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tasks/tasks","events":[{"introduced":"0"},{"fixed":"8e17843ace70acd084f2c0c4359402184a644167"}],"database_specific":{"cpe":"cpe:2.3:a:tasks:tasks:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"9.7.3"}],"source":"CPE_FIELD"}}],"versions":["0.6.0-lite","3.0.0","3.0.2","3.0.3","3.0.4","3.2.0","3.3.0","3.3.3","3.3.6","3.4.0","3.5.0","3.6.0","3.6.1","3.7.0","3.7.1","3.7.2","3.7.3","3.7.3.1","3.7.4","3.7.5","3.7.7","3.8.0","3.8.0.1","3.8.0.2","3.8.2","3.8.3","3.8.3.1","3.8.4.1","3.8.4.2","3.8.4.4","3.8.5","3.8.5.1","3.9.1","3.9.1.1","4.0.0","4.0.1","4.0.2","4.1.3","4.1.3.1","4.2.0","4.2.1","4.2.2","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.6.0","4.6.1","4.6.10","4.6.11","4.6.13","4.6.14","4.6.15","4.6.16","4.6.17","4.6.18","4.6.2","4.6.3","4.6.4","4.6.5","4.6.8","4.7.0","4.7.1","4.7.10-fdroid","4.7.11","4.7.11-fdroid","4.7.12","4.7.12-fdroid","4.7.13","4.7.14","4.7.14-fdroid","4.7.15","4.7.15-fdroid","4.7.16","4.7.16-fdroid","4.7.17","4.7.18","4.7.19","4.7.2","4.7.20","4.7.21","4.7.22","4.7.3","4.7.4","4.7.5","4.7.6","4.7.7","4.7.8","4.7.9","4.8.0","4.8.1","4.8.10","4.8.11","4.8.12","4.8.13","4.8.14","4.8.15","4.8.16","4.8.17","4.8.18","4.8.19","4.8.2","4.8.20","4.8.21","4.8.22","4.8.3","4.8.4","4.8.5","4.8.6","4.8.7","4.8.8","4.8.9","4.9.0","4.9.1","4.9.10","4.9.11","4.9.12","4.9.13","4.9.14","4.9.15","4.9.2","4.9.3","4.9.4","4.9.5","4.9.6","4.9.7","4.9.8","5.0.0","5.0.1","5.0.2","5.1.0","5.1.2","5.1.3","5.1.4","5.1.5","5.2.0","5.2.1","5.3.0","6.0","6.0.1","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.1","6.1.1","6.1.2","6.1.3","6.2","6.3","6.3.1","6.4","6.4.1","6.4.3","6.5","6.5.1","6.5.2","6.5.3","6.5.4","6.5.5","6.6","6.6.1","6.6.2","6.7","6.7.1","6.8","6.8.1","6.9","6.9.1","6.9.2","6.9.3","7.0","7.1","7.1.1","7.1.2","7.2","7.2.1","7.3","7.3.1","7.4","7.4.1","7.4.2","7.5","7.6","7.6.1","7.7","7.8","8.0","8.1","8.10","8.2","8.2.1","8.3","8.4","8.5","8.6","8.7","8.8","8.9","8.9.1","8.9.2","9.0","9.1","9.2","9.3","9.4","9.6","9.7","9.7.1","9.7.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-22475.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}