Описание
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:imo:imo:2022.11.1051:*:*:*:*:android:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-22
EPSS
Процентиль: 36%
0.00152
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-22