Home > Vulnerability Database > CVE-2017-20181

Mend.io Vulnerability Database

CVE-2017-20181

Good to know:

Date: March 6, 2023

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.

Language: Java

Severity Score

5.5

Related Resources (6)

Url: https://vuldb.com/?ctiid.222328

Url: https://vuldb.com/?id.222328

Url: https://github.com/hgzojer/vocabletrainer/commit/accf6838078f8eb105cfc7865aba5c705fb68426

Url: https://github.com/hgzojer/vocabletrainer/releases/tag/v1.3.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-20181

Url: https://www.mend.io/vulnerability-database/CVE-2017-20181

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v1.3.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-20181

Good to know:

Date: March 6, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?