CVE-2024-10382 – Android Jetpack Car App RCE Vulnerability

11月 20, 2024
12:16 pm

CVE ID : CVE-2024-10382

Published : Nov. 20, 2024, 11:15 a.m. | 1 hour, 1 minute ago

Description : There exists a code execution vulnerability in the Car App Android Jetpack Library. In the CarAppService desrialization logic is used that allows for arbitrary java classes to be constructed. In combination with other gadgets, this can lead to arbitrary code execution. An attacker needs to have an app on a victims Android device that uses the CarAppService Class and the victim would need to install a malicious app alongside it. We recommend upgrading the library past version 1.7.0-beta02

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-10382 – Android Jetpack Car App RCE Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12962 – Code-Projects Job Recruitment SQL Injection Vulnerability

CVE-2024-54907 – TOTOLINK A3002R Remote Code Execution Vulnerability in boa FormWsc Handler

CVE-2024-12960 – Apache MCA 1.0 SQL Injection Vulnerability

CVE-2024-12961 – Apache MCA Portfolio Management System SQL Injection Vulnerability

CVE-2024-12908 – Delinea Secret Server Regular Expression Injection Vulnerability

CVE-2024-12958 – RPost MCA SQL Injection Vulnerability

CVE-2024-10382 – Android Jetpack Car App RCE Vulnerability

CVE-2024-10382 – Android Jetpack Car App RCE Vulnerability