Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Yalantis uCrop AndroidManifest.xml UCropActivity improper export of android application components
Vulnerability Description
A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-926
Vulnerability Title
uCrop 安全漏洞
Vulnerability Description
uCrop是Yalantis开源的一个安卓图像裁剪库。 uCrop 2.2.11版本存在安全漏洞,该漏洞源于文件AndroidManifest.xml中函数UCropActivity导出不当,可能导致Android应用组件不当导出。
CVSS Information
N/A
Vulnerability Type
N/A