
Khanh Pham

#34370 of 53,638
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-16235
7.5
2024-11-20
Google · Car App Android Jetpack Library · CVE-2024-10382
**Name of the Vulnerable Software and Affected Versions**

Car App Android Jetpack Library versions prior to 1.7.0-beta02

**Description**

The issue is related to a code execution vulnerability in the Car App Android Jetpack Library. Specifically, the `CarAppService` uses deserialization logic that allows the construction of arbitrary Java classes, which can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on the victim's device to attack any application that uses the vulnerable library.

**Recommendations**

For versions prior to 1.7.0-beta02, upgrade the library past version 1.7.0-beta02 to resolve the issue. As a temporary workaround, consider restricting the use of the `CarAppService` until a patch is available. Avoid using the vulnerable library in applications until the issue is resolved.