Lucene search
HistorySep 11, 2024 - 12:15 a.m.
CVE-2024-40662
uri.java
input validation
local escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.6%
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Related
cvelist
cvelist
CVE-2024-40662
2024-09-11 00:09:19
vulnrichment
vulnrichment
CVE-2024-40662
2024-09-11 00:09:19
cve
cve
CVE-2024-40662
2024-09-11 00:15:11
osv
osv
Bypass CVE-2022-20338
2024-09-01 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.6%
Related for NVD:CVE-2024-40662