CVE-2024-10382

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 26, 2024

CWE ID 94

CWE ID 502

Summary

CVE-2024-10382: A critical vulnerability has been identified in the Car App Android Jetpack Library (version 1.7.0-beta02 and below). The CarAppService component utilizes deserialization logic, which can be exploited to construct arbitrary Java classes. An attacker can leverage this weakness in conjunction with specific Java deserialization gadgets to execute arbitrary code. To mitigate this threat, it is imperative to update the library to a version that patchers this issue. Installing a malicious application on a victim's device is a prerequisite for an attacker to exploit this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z19aXN
https://www.cve.org/CVERecord?id=CVE-2024-10382
https://nvd.nist.gov/vuln/detail/CVE-2024-10382

Back to Vulnerability Database

CVE-2024-10382

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations