CVE-2021-21386: OS Command Injection

March 24, 2021 (updated March 27, 2021)

APKLeaks allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name.

References

nvd.nist.gov/vuln/detail/CVE-2021-21386

Detect and mitigate CVE-2021-21386 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →