Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled data used in content resolution
Vulnerability Description
Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Vulnerability Title
Omni-Notes 安全漏洞
Vulnerability Description
Omni-Notes是适用于 Android 的开源笔记应用程序。 Omni-Notes 6.2.7之前版本存在安全漏洞,该漏洞源于笔记附件的路径未得到正确验证,允许同一设备中的恶意或受损应用程序使 Omni-notes 将文件从其内部存储复制到外部存储目录。
CVSS Information
N/A
Vulnerability Type
N/A