PT-2021-14466 · Apkleaks · Apkleaks

Ry0Tak · Published 2021-03-24 · Updated 2022-01-21 · CVE-2021-21386

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: APKLeaks versions prior to 2.0.6-dev

Description: APKLeaks is an open-source project for scanning APK files for URIs, endpoints, and secrets. The issue allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified, or cause other unintended behavior through a malicious package name.

Recommendations: For versions prior to 2.0.6-dev, update to version 2.0.6-dev or above to resolve the issue. As a temporary workaround, consider restricting the use of the package name inside the application manifest to minimize the risk of exploitation.
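The following is an added illustration of the vulnerability class described above; it is not APKLeaks' own code and does not reproduce the project's fix. It shows the general shape of the problem: the `package` attribute is read from a manifest that the APK author fully controls, so it is untrusted input. The `build_command_unsafe` function shows the vulnerable pattern (splicing that value into a shell command string), and `build_command_safe` shows the hardened pattern (allow-list validation against the Android package-name grammar, then passing the value as a single argv element with `shell=False`). The manifest snippet, the tool name `example-tool` and all function names are constructed for this example.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

# Android package names are dot-separated Java-style identifiers with at least
# two segments: each segment starts with a letter and contains only letters,
# digits and underscores. Anything outside this allow-list (whitespace, ';',
# '|', '$', a leading '-', ...) is rejected before it reaches a command line.
PACKAGE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(?:\.[A-Za-z][A-Za-z0-9_]*)+")

# Constructed sample manifest (not taken from a real APK). The package attribute
# is attacker-controlled because whoever built the APK chose it.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
    <application android:label="Example"/>
</manifest>"""


def extract_package_name(manifest_xml: str) -> str:
    """Read the package attribute from the manifest root. The result is untrusted."""
    root = ET.fromstring(manifest_xml)
    return root.get("package", "")


def is_valid_package_name(name: str) -> bool:
    """Allow-list check: True only if the whole string matches the package grammar."""
    return PACKAGE_NAME_RE.fullmatch(name) is not None


def build_command_unsafe(tool: str, package_name: str) -> str:
    """Vulnerable pattern: the untrusted value is spliced into one shell string.
    If this string is later run with shell=True, any metacharacters or extra
    tokens inside the package name become part of the command line."""
    return f"{tool} --package {package_name}"


def build_command_safe(tool: str, package_name: str) -> list:
    """Hardened pattern: validate first, then hand the value over as exactly one
    argv element so it can never be split into further arguments or commands."""
    if not is_valid_package_name(package_name):
        raise ValueError(f"rejected package name: {package_name!r}")
    return [tool, "--package", package_name]


def run_safe(tool: str, package_name: str) -> subprocess.CompletedProcess:
    """Execute the hardened argv with shell=False; no shell ever parses the name."""
    argv = build_command_safe(tool, package_name)
    return subprocess.run(argv, shell=False, check=True, capture_output=True)


if __name__ == "__main__":
    pkg = extract_package_name(SAMPLE_MANIFEST)
    print("argv for a well-formed name:", build_command_safe("example-tool", pkg))
    # Constructed malformed names: each would change the meaning of a shell string
    # (extra command, extra option, option-looking first token) but is refused here.
    for bad in ("com.example.app; unexpected", "com.example.app --extra", "-com.example"):
        try:
            build_command_safe("example-tool", bad)
        except ValueError as err:
            print(err)
```

The validation step matters even with an argv list: a name beginning with `-` would otherwise be parsed by the invoked tool as an option (the argument-injection variant listed on this page), so the allow-list rejects it rather than relying on the tool to support an end-of-options marker.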

Fix

Argument Injection

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-21386
GHSA-8434-V7XW-8M9X

Affected Products

Apkleaks