Cyber Posture

CVE-2024-54461

Severity: High
Published: 29 January 2025
Modified: 30 July 2025
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
EPSS Score: 0.0002 (5.4th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

The file names constructed within file_selector are missing sanitization checks, leaving them vulnerable to malicious document providers. A user who has a malicious document provider installed can select a document file from that provider while using your app, and the provider-supplied name could then overwrite internal files in your app's cache. The issue is patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes addressing this vulnerability.

Security Summary

CVE-2024-54461 is a path traversal vulnerability (CWE-22, CWE-23) in the file_selector package, specifically the file_selector_android component within Flutter packages. The issue stems from missing sanitization checks on file names constructed from document providers, which can enable malicious providers to craft names that override internal files in an application's cache. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and was published on 2025-01-29.

Exploitation requires local access to the target device, where an attacker installs a malicious document provider application. A victim user must then interact with a vulnerable app by selecting a document file from the attacker's provider, potentially allowing the attacker to overwrite critical files in the app's cache directory. This results in high integrity and availability impacts, such as corrupting app data or disrupting functionality, though no confidentiality loss occurs.

The Flutter packages security advisory (GHSA-r465-vhm9-7r5h) confirms the issue was patched in file_selector_android version 0.5.1+12. Security practitioners should recommend updating to the latest version of file_selector_android to mitigate the vulnerability.
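As an added defensive illustration, not code from the file_selector_android package or the advisory: the kind of check a picker should apply to a provider-reported display name before using it as a file name under the app cache. The function names, the cache directory and the sample names are constructed for this example.

```python
import os
import re
from pathlib import Path

# A display name must be a single path component: no separators, no NUL, no dot entries.
_FORBIDDEN = re.compile(r"[/\\\x00]")


class UnsafeFileName(ValueError):
    """The provider-supplied display name cannot be used as a cache file name."""


def sanitize_display_name(display_name: str) -> str:
    """Validate an untrusted display name reported by a document provider."""
    if not display_name or display_name in (".", ".."):
        raise UnsafeFileName(f"empty or dot-only name: {display_name!r}")
    if _FORBIDDEN.search(display_name):
        raise UnsafeFileName(f"separator or NUL byte in name: {display_name!r}")
    # normpath must be a no-op; any change means the name carried extra path components.
    if os.path.normpath(display_name) != display_name:
        raise UnsafeFileName(f"name is not a plain component: {display_name!r}")
    return display_name


def cache_destination(cache_dir: Path, display_name: str) -> Path:
    """Return the cache path for a picked document, refusing anything outside cache_dir."""
    safe_name = sanitize_display_name(display_name)
    root = cache_dir.resolve()
    dest = (root / safe_name).resolve()
    # Defence in depth: after resolving symlinks the file must still sit directly in the root.
    if dest.parent != root:
        raise UnsafeFileName(f"resolved outside cache dir: {dest}")
    return dest


def screen_names(cache_dir: Path, names):
    """Map each candidate name to its accepted cache path, or None if rejected."""
    results = {}
    for name in names:
        try:
            results[name] = cache_destination(cache_dir, name)
        except UnsafeFileName:
            results[name] = None
    return results


if __name__ == "__main__":
    # Constructed sample names standing in for what a document provider might report.
    SAMPLES = ["report.pdf", "../../shared_prefs/prefs.xml", "sub/dir.txt", "..", "a\x00b"]
    for name, dest in screen_names(Path("app_cache"), SAMPLES).items():
        print(f"{name!r:35} -> {dest if dest else 'REJECTED'}")
```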

Details

CWE(s): CWE-23, CWE-22

Affected Products

flutter / file_selector_android: versions 0.5.1 to 0.5.1+12
