{
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-11354",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://blog.underdogsecurity.com/rce_in_origin_client/",
                "refsource": "MISC",
                "name": "https://blog.underdogsecurity.com/rce_in_origin_client/"
            },
            {
                "url": "https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/",
                "refsource": "MISC",
                "name": "https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/"
            },
            {
                "url": "http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php",
                "refsource": "MISC",
                "name": "http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php"
            },
            {
                "url": "https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/",
                "refsource": "MISC",
                "name": "https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/"
            },
            {
                "url": "https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604",
                "refsource": "MISC",
                "name": "https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604"
            },
            {
                "url": "https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien",
                "refsource": "MISC",
                "name": "https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien"
            },
            {
                "url": "https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client",
                "refsource": "MISC",
                "name": "https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client"
            },
            {
                "url": "https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942",
                "refsource": "MISC",
                "name": "https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942"
            },
            {
                "url": "https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/",
                "refsource": "MISC",
                "name": "https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/"
            },
            {
                "url": "https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.html",
                "refsource": "MISC",
                "name": "https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.html"
            },
            {
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html",
                "url": "http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html"
            },
            {
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html",
                "url": "http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html"
            }
        ]
    }
}