Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Argument Delimiters in a Decompiling Package Process
Vulnerability Description
APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
参数注入或修改
Vulnerability Title
Dw1 apkleaks 参数注入漏洞
Vulnerability Description
Dw1 apkleaks是 Dw1开源的一个应用程序。用于扫描APK文件中的URI,端点和机密。 APKLeaks prior to v2.0.3 存在安全漏洞,攻击者可利用该漏洞可以包含允许执行意外命令或代码。
CVSS Information
N/A
Vulnerability Type
N/A