CVE-2024-25466

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in npm/react-native-document-picker

Identifiers

GHSA-pmgm-h3cc-m4hj, CVE-2024-25466

Package Slug

npm/react-native-document-picker

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.

Affected Versions

All versions before 9.1.1

Solution

Upgrade to version 9.1.1 or above.

Last Modified

2024-02-19

source