Submit #782200: FedML-AI FedML <=0.8.9 Path Traversal

Title: FedML-AI FedML <=0.8.9 Path Traversal
Description: A path traversal vulnerability (CWE-22) exists in the Android client of FedML. The client processes MQTT messages as task instructions and uses the dataSet parameter to construct filesystem paths without validation. An attacker who can publish or tamper with MQTT messages can supply crafted path traversal payloads (e.g., ../../../../) to cause the client to access and enumerate arbitrary directories within the app’s accessible filesystem.
Source: https://github.com/AnalogyC0de/public_exp/issues/25
User: Ana10gy (UID 93358)
Submission: 18/03/2026 09:40 (21 days ago)
Moderation: 04/04/2026 08:40 (17 days later)
Status: Accepted
VulDB entry: 355288 [FedML-AI FedML up to 0.8.9 MQTT Message FileUtils.java dataSet directory traversal]
Points: 20
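
The missing validation described above can be closed by canonicalizing the message-supplied value and requiring the result to stay under the dataset root. The following is an added example, not FedML's code: the class name, method names, base directory and sample values are hypothetical, and it assumes `java.nio.file` is available (Android API 26+).

```java
import java.io.File;
import java.io.IOException;

// Added illustration: hypothetical helper, not taken from the FedML code base.
public class DatasetPathResolver {
    private final File baseDir;

    public DatasetPathResolver(File baseDir) throws IOException {
        // Canonicalize once so later comparisons use a normalized root.
        this.baseDir = baseDir.getCanonicalFile();
    }

    // Pattern the description reports: message value joined to a path unchecked.
    public File resolveUnchecked(String dataSet) {
        return new File(baseDir, dataSet);
    }

    // Hardened form: resolve "..", "." and symlinks, then enforce containment.
    public File resolveChecked(String dataSet) throws IOException {
        if (dataSet == null || dataSet.isEmpty() || dataSet.indexOf('\0') >= 0) {
            throw new SecurityException("invalid dataSet value");
        }
        File candidate = new File(baseDir, dataSet).getCanonicalFile();
        // Path.startsWith compares whole path components, so a sibling such as
        // "<base>_other" does not pass as being inside "<base>".
        if (!candidate.toPath().startsWith(baseDir.toPath())) {
            throw new SecurityException("dataSet escapes the dataset directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed base directory and sample dataSet values.
        File base = new File(System.getProperty("java.io.tmpdir"), "datasets_demo");
        DatasetPathResolver resolver = new DatasetPathResolver(base);
        String[] samples = {"mnist", "cifar10/train", "../../../../", "mnist/../../other"};
        for (String s : samples) {
            System.out.println("unchecked " + s + " -> "
                    + resolver.resolveUnchecked(s).getCanonicalPath());
            try {
                System.out.println("checked   " + s + " -> " + resolver.resolveChecked(s));
            } catch (SecurityException e) {
                System.out.println("checked   " + s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```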
