Vulnerability Details CVE-2024-10382
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.5%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-10382
-
cpe:2.3:a:google:androidx.car.app:1.0.0
-
cpe:2.3:a:google:androidx.car.app:1.1.0
-
cpe:2.3:a:google:androidx.car.app:1.2.0
-
cpe:2.3:a:google:androidx.car.app:1.3.0
-
cpe:2.3:a:google:androidx.car.app:1.4.0
-
cpe:2.3:a:google:androidx.car.app:1.7.0