CVE-2024-10382— Arbitrary Code execution in Car App Android Jetpack Library

Arbitrary Code execution in Car App Android Jetpack Library

There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02.

N/A

可信数据的反序列化

Google Car App 安全漏洞

Google Car App是美国谷歌（Google）公司的一个骑车应用程序库。 Google Car App存在安全漏洞，该漏洞源于存在代码执行漏洞，可能导致任意代码执行。

N/A

N/A