41 matches found
CVE-2022-0219
Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2...
EUVD-2022-0685
Malicious code in bioql PyPI...
EUVD-2022-7005
Malicious code in bioql PyPI...
CVE-2024-32653
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
CVE-2022-39259
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...
Improper Input Validation
jadx is vulnerable to Improper Input Validation. The vulnerability is due to lack of filtering of the package name before concatenation, allowing an attacker to inject arbitrary code into the package name, which could be exploited to execute commands with shell privileges...
Path Traversal
io.github.skylot:jadx-core is vulnerable to Path Traversal. The vulnerability is due to improper handling of escape characters in resource files and insufficient validation in processing zip files. This can lead to the possibility of overwriting other files in the directory when saving the...
CVE-2024-32653
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
CVE-2024-32653
CVE-2024-32653 concerns Jadx, a Dex-to-Java decompiler. Before 1.5.0, the package name is not filtered prior to concatenation, enabling an attacker to inject arbitrary code into the package name and execute commands with shell privileges. The affected version is fixed in 1.5.0, which contains a p...
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
GHSA-HVP5-5X4F-33FQ JADX file override vulnerability
Summary: When jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word, I reported it anyway. Detai...
JADX file override vulnerability
Summary: When jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word, I reported it anyway. Detai...
PT-2024-40332 · Jadx · Jadx
Name of the Vulnerable Software and Affected Versions: jadx affected versions not specified Description: The issue arises when jadx parses a resource file, specifically with an escape problem related to style files. This can lead to overwriting other files in the directory when saving the...
Skylot Jadx security vulnerability
Skylot Jadx is a Dex to Java decompiler. A security vulnerability exists in Skylot Jadx versions prior to 1.5.0 that stems from insufficient input filtering of the package name, which allows an attacker to execute commands in a device with shell privileges...
PT-2024-24747 · Jadx · Jadx
Name of the Vulnerable Software and Affected Versions: jadx versions prior to 1.5.0 Description: The issue concerns a Dex to Java decompiler where the package name is not filtered before concatenation, allowing an attacker to inject arbitrary code into the package name. This can be exploited to...
CVE-2022-39259
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...
Skylot Jadx security vulnerability
Skylot Jadx is a Dex to Java decompiler. A security vulnerability exists in Skylot Jadx versions prior to 1.4.5, which stems from the fact that it can cause a denial of service when opening a zip file with an HTML sequence...
CVE-2022-39259
The CVE refers to Skylot Jadx (Jadx-gui) prior to version 1.4.5, where opening a ZIP containing an HTML sequence can trigger a Denial of Service in the Swing HTML rendering. The underlying issue is a GUI-side DoS vulnerability in Jadx-gui’s HTML rendering path. The vulnerability is patched in ver...
CVE-2022-39259 Jadx-gui subject to Denial of Service via Swing HTML rendering
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...
CVE-2022-39259 Jadx-gui subject to Denial of Service via Swing HTML rendering
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...