A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.
References
Link | Resource |
---|---|
https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf | Patch Third Party Advisory |
https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha | Release Notes Third Party Advisory |
https://vuldb.com/?id.216747 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jan 2023, 14:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Android Processing Development Environment Project android Processing Development Environment
Android Processing Development Environment Project |
|
CPE | cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:*:*:*:*:*:android:*:* cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:0.5.2:pre1_alpha:*:*:*:android:*:* |
|
References | (MISC) https://vuldb.com/?id.216747 - Third Party Advisory | |
References | (MISC) https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf - Patch, Third Party Advisory |
25 Dec 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-25 11:15
Updated : 2024-04-11 01:08
NVD link : CVE-2020-36628
Mitre link : CVE-2020-36628
CVE.ORG link : CVE-2020-36628
JSON object : View
Products Affected
android_processing_development_environment_project
- android_processing_development_environment
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')