Vulnerabilities > CVE-2020-36628 - Unspecified vulnerability in Android Processing Development Environment Project Android Processing Development Environment
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.
Vulnerable Configurations
References
- https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf
- https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf
- https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha
- https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha
- https://vuldb.com/?id.216747
- https://vuldb.com/?id.216747