CVE-2020-7745

Published: Oct 19, 2020Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Exploitability: 2.8 / Impact: 4.2

Source: report@snyk.io (Secondary)

Description

This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.

Affected (1)

Products: Mintegral: Mintegraladsdk

Mintegral

1 product

Mintegraladsdk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mintegral Mintegraladsdk	Before 6.6.0.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

https://snyk.io/blog/remote-code-execution-rce-sourmint/

Source: report@snyk.io

Third Party Advisory

https://snyk.io/research/sour-mint-malicious-sdk/%23rce

Source: report@snyk.io

Broken Link

https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-1019377

Source: report@snyk.io

Third Party Advisory

https://www.youtube.com/watch?v=n-mEMkeoUqs

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/blog/remote-code-execution-rce-sourmint/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://snyk.io/research/sour-mint-malicious-sdk/%23rce

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-1019377

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.youtube.com/watch?v=n-mEMkeoUqs

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.