CVE-2020-36628
CRITICAL WAF: High
CVSS 9.8
Published: 2022-12-25
CWE-22
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| android_processing_development_environment_project | android_processing_development_environment | up to 0.5.2 |
| android_processing_development_environment_project | android_processing_development_environment | 0.5.2 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Release Notes, Third Party Advisory)
- vuldb.com (Third Party Advisory)