CVE-2024-25466

Опубликовано: 16 фев. 2024

Источник: nvd

CVSS3: 7.8

CVSS3: 7.3

EPSS Низкий

Описание

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.

Ссылки

https://github.com/FixedOctocat/CVE-2024-25466/tree/main
Third Party Advisory
https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
Product
https://github.com/FixedOctocat/CVE-2024-25466/tree/main
Third Party Advisory
https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:react-native-documents:document_picker:*:*:*:*:*:*:*:*

Версия до 9.1.1 (исключая)

EPSS

Процентиль: 75%

0.00908

Низкий

7.8 High

CVSS3

7.3 High

CVSS3

Дефекты

CWE-26

Связанные уязвимости

GHSA-pmgm-h3cc-m4hj

CVSS3: 7.3

github

почти 2 года назад

React Native Document Picker Directory Traversal vulnerability

EPSS

Процентиль: 75%

0.00908

Низкий

7.8 High

CVSS3

7.3 High

CVSS3

Дефекты

CWE-26