CVE-2024-10382

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 94
CWE ID 502

Summary

CVE-2024-10382 is a code execution vulnerability affecting the Car App Android Jetpack Library. The issue resides in the CarAppService deserialization logic, which allows for the construction of arbitrary Java classes. Combined with other gadgets, this can lead to the execution of malicious code. For an attack to succeed, the attacker needs a malicious app installed on the victim's device alongside an app that uses the CarAppService class. To mitigate this risk, upgrade the library to a version past 1.7.0-beta02.
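To check a project against the upgrade guidance above, the following added example (not part of the advisory or of the library) scans Gradle dependency lines and flags Car App artifacts at or below 1.7.0-beta02. It assumes the library is published under the Maven group androidx.car.app and, since the page gives no lower bound, treats every version up to 1.7.0-beta02 as affected; the sample build file is constructed.

```python
import re

# Assumption: the library's Maven group (the page names only the library).
GROUP = "androidx.car.app"
LAST_AFFECTED = "1.7.0-beta02"  # advisory: upgrade to a version past this

# Pre-release stages sort before the stable release of the same x.y.z.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)(\d+))?$")
_DEP = re.compile(r"""["']""" + re.escape(GROUP) + r""":([\w.-]+):([^"'\s]+)["']""")

def version_key(version):
    """Turn '1.7.0-beta02' into a tuple that orders correctly."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unrecognised version: {version}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage or ""], int(num or 0))

def is_affected(version):
    # Assumption: no lower bound is stated, so anything <= LAST_AFFECTED counts.
    return version_key(version) <= version_key(LAST_AFFECTED)

def scan_gradle(text):
    """Return (line_no, artifact, version, status) for each Car App dependency."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for artifact, version in _DEP.findall(line):
            try:
                status = "affected" if is_affected(version) else "ok"
            except ValueError:
                status = "review"  # variable or dynamic version: resolve by hand
            findings.append((no, artifact, version, status))
    return findings

# Constructed sample build file, not taken from any real project.
SAMPLE = '''\
dependencies {
    implementation "androidx.car.app:app:1.4.0"
    implementation 'androidx.car.app:app-projected:1.7.0-beta02'
    implementation("androidx.car.app:app-automotive:1.7.0-beta03")
    implementation "androidx.car.app:app-testing:$car_version"
    implementation "androidx.core:core-ktx:1.13.1"
}
'''

if __name__ == "__main__":
    for finding in scan_gradle(SAMPLE):
        print(*finding)
```

Versions set through variables or version catalogs show up as "review"; resolve those from the Gradle dependency report rather than the build file text.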
