Malicious code in @nativescript-community/ui-document-picker (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 46d11dbb6f2ddb5b46be5e63a827af98e3f887baac9c3df11be485d8326089b2 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

React Native Document Picker Directory Traversal vulnerability

Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

@armiasystems/react-native-armia-chat-sdk (>=1.0.8 <=1.0.9), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +42 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=2.3.0 <=8.2.0)

react-native-document-picker NPM version =2.3.0, =1.0.8, =1.0.1, =0.64.1-beta.46, =0.5.0, =0.0.8, =0.0.14, =0.0.186, =0.0.5, =2.46.0, =1.0.0, =0.0.24, =0.0.1, =1.1.12 - abc123efgh =1.0.0 and more Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...

GHSA-PMGM-H3CC-M4HJ React Native Document Picker Directory Traversal vulnerability

Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

@icanbwell/composite (>=1.89.4 <=1.202.0), @icanbwell/native-components (>=0.21.6 <=0.31.0) +4 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=9.0.1 <=9.1.0)

react-native-document-picker NPM version =9.0.1, =1.89.4, =0.21.6, =0.14.5, =1.1.0, =1.8.0 - @likeminds.community/feed-rn-core =0.6.0 - @likeminds.community/feed-rn-core-beta =0.0.1 Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

Directory traversal

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

PT-2024-20960 · Unknown · React Native Document Picker

Name of the Vulnerable Software and Affected Versions: React Native Document Picker versions prior to 9.1.1 React Native Document Picker version 8.2.2 and earlier Description: A Directory Traversal issue allows a local attacker to execute arbitrary code via a crafted script to the Android library...

CVE-2024-25466

CVE-2024-25466 is a directory traversal vulnerability in React Native Document Picker affecting versions prior to 9.1.1 . The root cause is an Android library component that processes crafted scripts, allowing a local attacker to execute arbitrary code. The vulnerability is fixed in version 9.1.1...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

React Native Security Vulnerabilities

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A security vulnerability exists in React Native Document Picker versions prior to v.9.1.1, which stems from a path traversal vulnerability in the component Android library...