High severityNVD Advisory· Published Feb 16, 2024· Updated Aug 19, 2024
CVE-2024-25466
CVE-2024-25466
Description
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
react-native-document-pickernpm | >= 9.0.0, < 9.1.1 | 9.1.1 |
react-native-document-pickernpm | < 8.2.2 | 8.2.2 |
Affected products
2- React Native/Document Pickerdescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-pmgm-h3cc-m4hjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-25466ghsaADVISORY
- github.com/FixedOctocat/CVE-2024-25466/tree/mainghsaWEB
- github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.javaghsaWEB
- github.com/rnmods/react-native-document-picker/commit/1ae7cb217d23a551bff86ad10c7ae6f5e074490fghsaWEB
- github.com/rnmods/react-native-document-picker/commit/ad0b5e58252eba56a5a3b22311a66ffa5e65cffeghsaWEB
- github.com/rnmods/react-native-document-picker/pull/698ghsaWEB
- github.com/rnmods/react-native-document-picker/releases/tag/v8.2.2ghsaWEB
News mentions
0No linked articles in our index yet.