Published: 16 Feb 2024
Source: github
Github: Reviewed
CVSS4: 7.2
CVSS3: 7.3
Description
React Native Document Picker Directory Traversal vulnerability
Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-25466
- https://github.com/rnmods/react-native-document-picker/pull/698
- https://github.com/rnmods/react-native-document-picker/commit/1ae7cb217d23a551bff86ad10c7ae6f5e074490f
- https://github.com/rnmods/react-native-document-picker/commit/ad0b5e58252eba56a5a3b22311a66ffa5e65cffe
- https://github.com/FixedOctocat/CVE-2024-25466/tree/main
- https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
- https://github.com/rnmods/react-native-document-picker/releases/tag/v8.2.2
Packages
Name: react-native-document-picker (npm)
Affected versions: >= 9.0.0, < 9.1.1
Fixed version: 9.1.1
Name: react-native-document-picker (npm)
Affected versions: < 8.2.2
Fixed version: 8.2.2
Related vulnerabilities
CVSS3: 7.8
nvd
almost 2 years ago
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.