CVE-2021-21386

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-21386

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21386.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21386

Aliases

GHSA-8434-v7xw-8m9x

Related

GHSA-8434-v7xw-8m9x

Published

2021-03-24T21:15:15.177Z

Modified

2026-04-10T04:29:38.344113Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.

References

Affected packages

Git / github.com/dwisiswant0/apkleaks

Affected ranges

Type

GIT

Repo

https://github.com/dwisiswant0/apkleaks

Events

Introduced

Fixed

ccd656976ffe45bacd54459b1fc16879569ae3b3

Fixed

a966e781499ff6fd4eea66876d7532301b13a382

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.3"
        }
    ]
}

Affected versions

v0.*

v0.3.1-beta

v0.3.2-beta

v1.*

v1.0.1

v1.0.2

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21386.json"