Browse all 4 CVE security advisories affecting didi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Didi operates as a ride-hailing platform connecting drivers and passengers through mobile applications. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insecure APIs and insufficient input validation. The platform has faced scrutiny for data privacy practices and experienced a major incident in 2021 when Chinese regulators ordered app stores to remove its services over data security concerns. Security assessments reveal common weaknesses in authentication mechanisms and third-party integrations. With four CVEs documented, the platform continues to address security challenges inherent in large-scale transportation networks handling sensitive user data and financial transactions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10919 | didi Super-Jacoco triggerUnitCover os command injection — Super-JacocoCWE-78 | 6.3 | Medium | 2024-11-06 |
| CVE-2024-10435 | didi Super-Jacoco triggerEnvCov command injection — Super-JacocoCWE-77 | 6.3 | Medium | 2024-10-28 |
| CVE-2024-10173 | didi DDMQ Console Module improper authentication — DDMQCWE-287 | 7.3 | High | 2024-10-20 |
| CVE-2023-4984 | didi KnowSearch 1 credentials storage — KnowSearchCWE-256 | 4.3 | Medium | 2023-09-15 |
This page lists every published CVE security advisory associated with didi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.