CVE-2024-32653

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32653
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32653.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32653
Related
  • GHSA-3pp3-hg2q-9gpm
Published
2024-04-22T23:15:50Z
Modified
2025-05-28T10:39:02.452932Z
Summary
[none]
Details

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.

Affected packages

Git / github.com/skylot/jadx

Affected ranges

Type
GIT
Repo
https://github.com/skylot/jadx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.4
v0.4.1
v0.5.0
v0.5.0-beta1
v0.5.1
v0.5.2
v0.5.4
v0.6.0
v0.6.1
v0.7.1
v0.8.0
v0.9.0

v1.*

v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7