CVE-2024-10382

CVSS V2 None CVSS V3 None
Description
There exists a code execution vulnerability in the Car App Android Jetpack Library. In the CarAppService desrialization logic is used that allows for arbitrary java classes to be constructed. In combination with other gadgets, this can lead to arbitrary code execution. An attacker needs to have an app on a victims Android device that uses the CarAppService Class and the victim would need to install a malicious app alongside it. We recommend upgrading the library past version 1.7.0-beta02
Overview
  • CVE ID
  • CVE-2024-10382
  • Assigner
  • Google
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-20T10:21:20.473Z
  • Last Modified Date
  • 2024-11-20T16:53:31.288Z
History
Created Old Value New Value Data Type Notes
2024-11-21 13:14:44 Added to TrackCVE