CVE-2024-54461 - Vulnerability Details - OpenCVE

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h

History

Wed, 29 Jan 2025 12:00:00 +0000

Type	Values Removed	Values Added
Description		The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.
Title		Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites
Weaknesses		CWE-23
References		https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h
Metrics		cvssV4_0 `{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2025-01-29T11:51:04.255Z

Updated: 2025-02-12T19:51:14.271Z

Reserved: 2024-12-03T10:16:06.217Z

Link: CVE-2024-54461

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-29T12:15:28.437

Modified: 2025-01-29T12:15:28.437

Link: CVE-2024-54461

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-54461", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-12-03T10:16:06.217Z", "datePublished": "2025-01-29T11:51:04.255Z", "dateUpdated": "2025-02-12T19:51:14.271Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "file_selector_android", "vendor": "Flutter", "versions": [{"lessThanOrEqual": "0.5.1+11", "status": "affected", "version": "0.5.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.</p>"}], "value": "The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-01-29T11:51:04.255Z"}, "references": [{"url": "https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h"}], "source": {"discovery": "UNKNOWN"}, "title": "Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T14:05:06.351655Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:51:14.271Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability."}], "id": "CVE-2024-54461", "lastModified": "2025-01-29T12:15:28.437", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2025-01-29T12:15:28.437", "references": [{"source": "cve-coordination@google.com", "url": "https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}