Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient input filtering of "package name" allows command execution in the device with shell privileges
Vulnerability Description
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Skylot Jadx 安全漏洞
Vulnerability Description
Skylot Jadx是一个 Dex 到 Java 反编译器。 Skylot Jadx 1.5.0之前版本存在安全漏洞,该漏洞源于对package name的输入过滤不足,导致攻击者可以在具有shell权限的设备中执行命令。
CVSS Information
N/A
Vulnerability Type
N/A