Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2024-54462 First vendor Publication 2025-01-29
Vendor Cve Last vendor Modification 2025-07-30

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Overall CVSS Score 7.1
Base Score 7.1 Environmental Score 7.1
impact SubScore 5.2 Temporal Score 7.1
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required None User Interaction Required
Scope Unchanged Confidentiality Impact None
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54462

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://github.com/flutter/packages/security/advisories/GHSA-98v2-f47x-89xw
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-07-30 09:20:50
  • Multiple Updates
2025-01-29 17:20:29
  • First insertion