
CVE-2024-25466 PoC — React Native Security Vulnerability

Source
Associated Vulnerability
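Title: React Native Security Vulnerability (CVE-2024-25466)
Description: React Native is an open-source JavaScript framework for building user interfaces and native applications. React Native Document Picker versions before v.9.1.1 contain a security vulnerability, which stems from a path traversal flaw in the Android library component.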
Description
Description for CVE-2024-25466
Readme
# CVE-2024-25466
Description for CVE-2024-25466

> [Suggested description]</br>
> Directory Traversal vulnerability in React Native Document Picker
> before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute
> arbitrary code via a crafted script to the Android library component.
>
> ------------------------------------------
>
> [Vulnerability Type]</br>
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]</br>
> https://github.com/rnmods/react-native-document-picker/
>
> ------------------------------------------
>
> [Affected Product Code Base]</br>
> react-native-document-picker android library - react-native-document-picker library for android:<9.1.1 version, fixed in 9.1.1
>
> ------------------------------------------
>
> [Affected Component]</br>
> Android library (exact file: https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java)
>
> ------------------------------------------
>
> [Attack Type]</br>
> Local
>
> ------------------------------------------
>
> [Impact Code execution]</br>
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]</br>
> true
>
> ------------------------------------------
>
> [Attack Vectors]</br>
> To exploit this vulnerability, the user must choose a maliciously configured application while picking a file
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]</br>
> true
>
> ------------------------------------------
>
> [Reference]</br>
> http://react-native-document-picker.com</br>
> https://github.com/rnmods/react-native-document-picker/</br>
> https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
>
> ------------------------------------------
>
> [CVSSv3]</br>
> CVSS v3: (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H): 7.3
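
A containment check of the kind that addresses this bug class, as an added example (not code from react-native-document-picker or its fix). It assumes the app copies a picked document into its own directory under a name reported by the application the user picked from, which the description above does not spell out; `SafeCopyTarget` and `resolve` are hypothetical names.

```java
import java.io.File;
import java.io.IOException;

// Added illustration; SafeCopyTarget and resolve() are hypothetical names,
// not part of react-native-document-picker.
public final class SafeCopyTarget {

    // Returns a destination file guaranteed to sit inside baseDir, or throws.
    // untrustedName is whatever name the providing app reported for the document.
    static File resolve(File baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // Keep only the last path segment: drops "../" chains and absolute prefixes.
        String leaf = new File(untrustedName.replace('\\', '/')).getName();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("rejected file name: " + untrustedName);
        }
        File base = baseDir.getCanonicalFile();
        File dest = new File(base, leaf).getCanonicalFile();
        // Containment check on canonical paths; a symlinked leaf that resolves
        // outside the base directory fails here as well.
        if (!dest.getPath().startsWith(base.getPath() + File.separator)) {
            throw new IOException("destination escapes " + base);
        }
        return dest;
    }

    public static void main(String[] args) throws IOException {
        File base = new File(System.getProperty("java.io.tmpdir"), "picker-cache");
        // Constructed sample names, as a providing app might report them.
        String[] names = {
            "report.pdf",
            "../../files/settings.json",
            "/sdcard/Download/notes.txt",
            ".."
        };
        for (String n : names) {
            try {
                System.out.println(n + " -> " + resolve(base, n));
            } catch (IOException e) {
                System.out.println(n + " -> " + e.getMessage());
            }
        }
    }
}
```

The first three names resolve to a file directly under the cache directory; the last is rejected.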