Submit #782200: FedML-AI FedML <=0.8.9 Path Traversal

Title: FedML-AI FedML <=0.8.9 Path Traversal
Description: A path traversal vulnerability (CWE-22) exists in the Android client of FedML. The client processes MQTT messages as task instructions and uses the dataSet parameter to construct filesystem paths without validation. An attacker who can publish or tamper with MQTT messages can supply crafted path traversal payloads (e.g., ../../../../) to cause the client to access and enumerate arbitrary directories within the app’s accessible filesystem.
Source: ⚠️ https://github.com/AnalogyC0de/public_exp/issues/25
User: Ana10gy (UID 93358)
Submission: 2026-03-18 09:40 (29 days ago)
Moderation: 2026-04-04 08:40 (17 days later)
Status: Accepted
VulDB entry: 355288 [FedML-AI FedML up to 0.8.9 MQTT Message FileUtils.java dataSet path traversal]
Points: 20
