My Text Editor Path Traversal Vulnerability Leading to Denial-of-Service
Vulnerability
A path traversal vulnerability has been identified in My Text Editor version 1.6.2. It allows attackers to write arbitrary files to the app's internal storage, bypassing sandbox restrictions. The issue arises from inadequate security checks during file imports, which give the attacker control over both the names and the contents of the imported files. Exploitation could cause a denial-of-service condition by filling up storage or memory with large files, disrupting the app's normal operations.
Impact
Exploitation of this vulnerability can lead to a denial-of-service condition, causing the app to malfunction by exhausting storage or memory resources.
Reproduction
The vulnerability can be reproduced by sending an intent from a malicious application to My Text Editor. This intent should include a URI that traverses the file system to reach the app's internal storage. Once the intent is received, the specified file is automatically created in the internal storage without any user consent, demonstrating unauthorized file write access.
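A defensive import routine for the two gaps described above (attacker-controlled file name, unbounded file size), as an added example that is not My Text Editor's code. The class, method names and the 5 MiB cap are assumptions, and it uses only `java.io` so it runs outside Android.

```java
import java.io.*;
import java.nio.file.Files;

// Added example: hypothetical import helper, not taken from My Text Editor.
public class SafeImport {
    static final long MAX_IMPORT_BYTES = 5L * 1024 * 1024; // assumed cap

    // Map an untrusted name (e.g. taken from the incoming URI) to a file inside baseDir.
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        // Keep only the last path segment, whichever separator was used.
        int cut = Math.max(untrustedName.lastIndexOf('/'), untrustedName.lastIndexOf('\\'));
        String leaf = untrustedName.substring(cut + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("rejected file name");
        }
        File base = baseDir.getCanonicalFile();
        File target = new File(base, leaf).getCanonicalFile();
        // Defence in depth: the canonical target must sit directly in baseDir.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("path escapes import directory");
        }
        return target;
    }

    // Copy with a hard size limit; a partial file is deleted if the copy fails.
    static void copyCapped(InputStream in, File target) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        boolean ok = false;
        try (OutputStream out = new FileOutputStream(target)) {
            int n;
            while ((n = in.read(buf)) != -1) {
                total += n;
                if (total > MAX_IMPORT_BYTES) throw new IOException("import exceeds size cap");
                out.write(buf, 0, n);
            }
            ok = true;
        } finally {
            if (!ok) target.delete(); // runs after the stream has been closed
        }
    }

    public static void main(String[] args) throws IOException {
        File dir = Files.createTempDirectory("imports").toFile();
        for (String name : new String[] {"notes.txt", "../../files/prefs.xml", ".."}) { // constructed names
            try {
                File f = resolveInside(dir, name);
                copyCapped(new ByteArrayInputStream("hello".getBytes()), f);
                System.out.println(name + " -> " + f.getName());
            } catch (IOException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The traversal name is reduced to its last segment and stored inside the import directory rather than at the path the sender chose. The missing user-consent step noted above is a separate control that this helper does not cover.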
