In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-05-04T00:00:00
Updated: 2024-08-03T15:02:36.498Z
Reserved: 2022-12-21T00:00:00
Link: CVE-2022-47757
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-04T02:15:09.177
Modified: 2023-05-10T03:54:12.323
Link: CVE-2022-47757
Redhat
No data.