cve/CVE-2024-32653.md at 4edef1e4c8c71572b001933b68c0e9d801ec9035

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.

POC

Reference

https://github.com/skylot/jadx/security/advisories/GHSA-3pp3-hg2q-9gpm

Github

No PoCs found on GitHub currently.

867 B Raw Blame History

CVE-2024-32653

Description

POC

Reference

Github

867 B

Raw Blame History