← Voltar para CVEs
CVE-2024-10382
HIGH7.5
Descricao
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado11/20/2024
Ultima modificacao8/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
google:androidx.car.app
Fraquezas (CWE)
CWE-502CWE-94
Referencias
https://developer.android.com/jetpack/androidx/releases/car-app#1.7.0-beta03(cve-coordination@google.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.