https://github.com/fixedoctocat/cve-2024-25466
Description for CVE-2024-25466
https://github.com/fixedoctocat/cve-2024-25466
Last synced: 5 months ago
JSON representation
Description for CVE-2024-25466
- Host: GitHub
- URL: https://github.com/fixedoctocat/cve-2024-25466
- Owner: FixedOctocat
- Created: 2024-02-15T07:47:14.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-02-15T12:41:06.000Z (over 2 years ago)
- Last Synced: 2025-03-25T19:25:17.538Z (over 1 year ago)
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2024-25466
Description for CVE-2024-25466
> [Suggested description]
> Directory Traversal vulnerability in React Native Document Picker
> before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute
> arbitrary code via a crafted script to the Android library component.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> https://github.com/rnmods/react-native-document-picker/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> react-native-document-picker android library - react-native-document-picker library for android:<9.1.1 version, fixed in 9.1.1
>
> ------------------------------------------
>
> [Affected Component]
> Android library (exact file: https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java)
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, user must choose malicious configured application while picking a file
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Reference]
> http://react-native-document-picker.com
> https://github.com/rnmods/react-native-document-picker/
> https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
>
> ------------------------------------------
>
> [CVSSv3]
> CVSS v3: (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H): 7.3