An open API service indexing awesome lists of open source software.

https://github.com/fixedoctocat/cve-2024-25466

Description for CVE-2024-25466
https://github.com/fixedoctocat/cve-2024-25466

Last synced: 5 months ago
JSON representation

Description for CVE-2024-25466

Awesome Lists containing this project

README

          

# CVE-2024-25466
Description for CVE-2024-25466

> [Suggested description]
> Directory Traversal vulnerability in React Native Document Picker
> before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute
> arbitrary code via a crafted script to the Android library component.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> https://github.com/rnmods/react-native-document-picker/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> react-native-document-picker android library - react-native-document-picker library for android:<9.1.1 version, fixed in 9.1.1
>
> ------------------------------------------
>
> [Affected Component]
> Android library (exact file: https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java)
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, user must choose malicious configured application while picking a file
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Reference]
> http://react-native-document-picker.com
> https://github.com/rnmods/react-native-document-picker/
> https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
>
> ------------------------------------------
>
> [CVSSv3]
> CVSS v3: (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H): 7.3