CVE-2024-25466
Directory Traversal vulnerability in react-native-document-picker (npm)
What is CVE-2024-25466 About?
A Directory Traversal vulnerability exists in React Native Document Picker before versions 8.2.2 and 9.x before 9.1.1. This flaw allows a local attacker to execute arbitrary code by supplying a crafted script to the Android library component. Exploitation requires local access and user interaction to trigger, making it moderately difficult.
Affected Software
- react-native-document-picker
  - <8.2.2
  - >9.0.0, <9.1.1
Technical Details
The Directory Traversal vulnerability in React Native Document Picker arises from improper sanitization of file paths when handling documents, specifically within the Android library component. An attacker can supply a crafted document whose name or path contains ../ sequences; when the vulnerable component processes it, the file can be written to, or executed from, a location outside the intended directory. If that location is sensitive enough for local code execution (e.g., an executable file that gets overwritten, or a script that is launched automatically), the result is arbitrary code execution. The attack requires local access to the device and typically involves tricking a user into opening or processing the specially crafted document.
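The defensive check that closes this class of bug is to canonicalize the destination built from the provider-supplied name and verify it is still inside the intended directory. The following is an added example, not code from the react-native-document-picker project; the class name SafeCopyTarget, the method resolveInside and the sample names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

/**
 * Added example (not the project's code): the containment check a native
 * document-picker module should apply before copying a picked document into
 * the app's cache directory under a display name that the provider supplied.
 * The display name is attacker-influenced, so it must never be trusted as a
 * bare file name.
 */
public final class SafeCopyTarget {

    /** Thrown when the requested name would resolve outside the cache directory. */
    public static final class TraversalException extends IOException {
        TraversalException(String msg) { super(msg); }
    }

    /**
     * Resolves untrustedName inside cacheDir and returns the canonical File,
     * or throws if the result escapes cacheDir. getCanonicalPath() collapses
     * "..", ".", repeated separators and symlinks, so the check covers both
     * literal "../" sequences and symlink-based escapes.
     */
    public static File resolveInside(File cacheDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new TraversalException("empty display name");
        }
        // Trailing separator so that "/cache" does not match "/cacheEvil/x".
        String base = cacheDir.getCanonicalPath() + File.separator;
        File candidate = new File(cacheDir, untrustedName).getCanonicalFile();
        if (!candidate.getPath().startsWith(base)) {
            throw new TraversalException("display name escapes cache dir: " + untrustedName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed base directory; on Android this would be context.getCacheDir().
        File cache = new File(System.getProperty("java.io.tmpdir"), "rn-doc-cache");
        String[] names = { "report.pdf", "../../evil.sh", "sub/../../x", "nested/ok.txt" };
        for (String n : names) {
            try {
                System.out.println("ALLOW  " + resolveInside(cache, n));
            } catch (TraversalException e) {
                System.out.println("REJECT " + e.getMessage());
            }
        }
    }
}
```

Running main prints ALLOW for "report.pdf" and "nested/ok.txt" and REJECT for the two names that climb above the cache directory; the same check belongs in any native module that turns untrusted metadata into a file system path.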
What is the Impact of CVE-2024-25466?
Successful exploitation may allow attackers to execute arbitrary code on the affected device with the privileges of the application, leading to device compromise, data manipulation, or further malicious activities.
What is the Exploitability of CVE-2024-25466?
Exploitation of this Directory Traversal vulnerability requires local access to the device running the React Native application. The complexity is moderate: the attacker must craft a document or file path that triggers the traversal flaw and then induce the user to interact with it. No remote exploitation is possible for this specific vulnerability; it is a local attack that typically requires user interaction (e.g., opening a malicious document). Authentication is not a direct requirement, but the attacker must be able to place the malicious file on the device and get the user to open it. The privileges gained are those of the React Native application. The risk is heightened if the application frequently handles untrusted documents from local storage or downloads, and if users are prone to opening suspicious files.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| FixedOctocat | https://github.com/FixedOctocat/CVE-2024-25466/tree/main | |
What are the Available Fixes for CVE-2024-25466?
Available Upgrade Options
- react-native-document-picker
  - <8.2.2 → Upgrade to 8.2.2
  - >9.0.0, <9.1.1 → Upgrade to 9.1.1
Additional Resources
- https://github.com/rnmods/react-native-document-picker
- https://github.com/rnmods/react-native-document-picker/commit/ad0b5e58252eba56a5a3b22311a66ffa5e65cffe
- https://github.com/rnmods/react-native-document-picker/commit/1ae7cb217d23a551bff86ad10c7ae6f5e074490f
- https://osv.dev/vulnerability/GHSA-pmgm-h3cc-m4hj
- https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java
- https://github.com/FixedOctocat/CVE-2024-25466/tree/main
- https://github.com/rnmods/react-native-document-picker/pull/698
- https://nvd.nist.gov/vuln/detail/CVE-2024-25466
What are Similar Vulnerabilities to CVE-2024-25466?
Similar Vulnerabilities: CVE-2023-50032, CVE-2023-49080, CVE-2023-44249, CVE-2023-41005, CVE-2023-38827
