CVE-2024-54461

Published: Jan 29, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.

Vendor	Product	Versions
Flutter	file_selector_android	affected `0.5.1 - <= 0.5.1+11`

Weaknesses (CWE)

CWE-23

References

https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-54461

Description

Affected Products

Weaknesses (CWE)

References