file_selector_android Malicious Document Provider Vulnerability Allowing Cache File Overwrite

Vulnerability

A vulnerability in the file_selector_android package, specifically in versions 0.5.1 through 0.5.1+11, allows malicious document providers to select files that can overwrite internal app cache files. This issue arises because the package fails to properly sanitize file names from document providers, creating a risk for users with malicious providers installed.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of internal files in the app's cache.

Remediation

Users are advised to update to version 0.5.1+12 or later, which addresses this vulnerability.
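
For app code that copies provider-selected files into its own cache, the sketch below shows one way to neutralize an untrusted file name before writing. It is an added example, not the package's own code or its actual fix; the class and method names, the per-import random subdirectory, and the sample names are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

public class SafeCacheCopyTarget {
    // Maps a provider-supplied display name to a file in a fresh, per-import
    // subdirectory of cacheDir, or throws if the result would land elsewhere.
    static File resolve(File cacheDir, String displayName) throws IOException {
        if (displayName == null) {
            throw new IllegalArgumentException("missing display name");
        }
        // Keep only the last path component; treat both separators as hostile.
        String name = displayName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("unusable display name: " + displayName);
        }
        // A random subdirectory keeps the copy from colliding with existing cache files.
        File importDir = new File(cacheDir, UUID.randomUUID().toString());
        File target = new File(importDir, name);
        // Defense in depth: the canonical path must still sit under importDir.
        String root = importDir.getCanonicalPath() + File.separator;
        if (!target.getCanonicalPath().startsWith(root)) {
            throw new SecurityException("path escapes import directory: " + displayName);
        }
        if (!importDir.mkdirs()) {
            throw new IOException("cannot create " + importDir);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for Context.getCacheDir() so this runs off-device.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "example_cache");
        // Constructed display names, as an untrusted document provider might return them.
        String[] names = {"report.pdf", "../other/file.txt", "dir\\nested\\a.txt", ".."};
        for (String n : names) {
            try {
                System.out.println(n + " -> " + resolve(cacheDir, n));
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println(n + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Names with directory components are reduced to their final component, and names that reduce to nothing usable are rejected before any file is created.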

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.