| Titel | uCrop Android Library 2.2.11 Server-Side Request Forgery |
|---|
| Beschreibung | Hello, this is arrester. On June 10th, I reported the issue to the official uCrop GitHub repository using the Security tab and even tagged the person in charge during the process, but since I still haven’t received a response, I am now submitting it to VulDB.
The SSRF vulnerability I discovered occurs due to insufficient input validation in the URL handling of the downloadFile function in com.yalantis.ucrop.task.BitmapLoadTask.java. |
|---|
| Quelle | ⚠️ https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446 |
|---|
| Benutzer | arrester (UID 93048) |
|---|
| Einreichung | 27.11.2025 19:36 (vor 7 Monaten) |
|---|
| Moderieren | 11.12.2025 07:46 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 335854 [Yalantis uCrop 2.2.11 URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|