漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Local arbitrary code execution in splitinstall in Android's Play Core
Vulnerability Description
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
权限预留不恰当
Vulnerability Title
Google Android Play Core Library 路径遍历漏洞
Vulnerability Description
Google Android是美国谷歌(Google)和开放手持设备联盟(简称oha)的一套以Linux为基础的开源操作系统。 Android Play Core Library 1.7.2之前版本中的SplitCompat.install端点存在安全漏洞。攻击者可利用该漏洞实施目录遍历攻击,执行代码并访问目标应用程序的数据。
CVSS Information
N/A
Vulnerability Type
N/A