Отправить #782200: FedML-AI FedML <=0.8.9 Path TraversalИнформация

Название	FedML-AI FedML <=0.8.9 Path Traversal
Описание	A path traversal vulnerability (CWE-22) exists in the Android client of FedML. The client processes MQTT messages as task instructions and uses the dataSet parameter to construct filesystem paths without validation. An attacker who can publish or tamper with MQTT messages can supply crafted path traversal payloads (e.g., ../../../../) to cause the client to access and enumerate arbitrary directories within the app’s accessible filesystem.
Источник	⚠️ https://github.com/AnalogyC0de/public_exp/issues/25
Пользователь	Ana10gy (UID 93358)
Представление	18.03.2026 09:40 (20 дни назад)
Модерация	04.04.2026 08:40 (17 days later)
Статус	принято
Запись VulDB	355288 [FedML-AI FedML до 0.8.9 MQTT Message FileUtils.java dataSet обход каталога]
Баллы	20

Might our Artificial Intelligence support you?

Check our Alexa App!