4 matches found
GHSA-763J-3P5V-JFC6 androidqf: APK download Path Traversal in device APK paths
Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...
PT-2026-37052
Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.2.4 Description A crafted .apk file can install a TypeSymlink tar entry with a target pointing outside the build root. Subsequent directory-creation or file-write entries in the same or later archive can traverse...
CVE-2023-49794
KernelSU (Kernel-based root solution for Android) versions ≤ 0.7.1 contain a bypass in the kernel module’s apk-path logic. This allows a malicious apk named me.weishu.kernelsu, or one with a package name matching the official KernelSU Manager, to obtain root privileges on the device. Exploitation...
CVE-2023-49794 The logic of get apk path in KernelSU module can be bypassed
KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not...