5

I have an Android application uploaded to the Google Play Store which uses the Adobe Creative SDK. I recently got an alert from the Play Console that the app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability at location com.adobe.android.common.util.b.a. I think it is a bug in the Adobe Creative SDK and needs to be resolved by them. Does anyone know how to fix this issue?

dapps
  • 51
  • 1
  • 4

1 Answer

1

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.

source

Google Play has recently warned some app publishers about this security risk. As explained above, this kind of security risk is caused, for example, by unzipping a file using a relative path (for example using ../ at the beginning), so it could be used to overwrite a file or directory. As you don't have access to the Adobe Creative SDK code, you should submit an issue to its publisher in order to inform them of this warning.

For those who are unzipping the file inside their own code and have come across this warning, try this; it may solve the issue. Also have a look at this.

Mostafa Arian Nejad
  • 1,278
  • 1
  • 19
  • 32
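
For code that unzips archives itself, the usual fix is to resolve each entry's canonical path and refuse any entry that lands outside the extraction directory. The following is an added example, not part of the original answer and not Adobe's or Google's code; the class name `SafeUnzip` and method `extract` are hypothetical.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

// Hypothetical helper: names are assumptions made for this example.
public final class SafeUnzip {
    private SafeUnzip() {}

    /** Extracts zipStream into destDir, rejecting entries that resolve outside destDir. */
    public static void extract(InputStream zipStream, File destDir) throws IOException {
        // The canonical form collapses "../" and resolves symlinks before comparing.
        String root = destDir.getCanonicalPath() + File.separator;
        byte[] buffer = new byte[8192];
        try (ZipInputStream zis = new ZipInputStream(zipStream)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                File target = new File(destDir, entry.getName());
                // The trailing separator on root stops "/data/app" from matching "/data/app-evil".
                if (!target.getCanonicalPath().startsWith(root)) {
                    throw new SecurityException("Zip entry escapes target dir: " + entry.getName());
                }
                if (entry.isDirectory()) {
                    if (!target.isDirectory() && !target.mkdirs()) {
                        throw new IOException("Cannot create directory " + target);
                    }
                    continue;
                }
                File parent = target.getParentFile();
                if (parent != null && !parent.isDirectory() && !parent.mkdirs()) {
                    throw new IOException("Cannot create directory " + parent);
                }
                // The check above ran before any byte of this entry is written.
                try (OutputStream out = new FileOutputStream(target)) {
                    int n;
                    while ((n = zis.read(buffer)) != -1) {
                        out.write(buffer, 0, n);
                    }
                }
                zis.closeEntry();
            }
        }
    }
}
```

The check is deliberately strict: an entry that resolves to the extraction directory itself (such as `./`) is also rejected, and the whole extraction stops at the first offending entry.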