CVE-2022-0219

Name of the Vulnerable Software and Affected Versions skylot/jadx versions prior to 1.3.2

Description The issue is related to an improper restriction of XML external entity references. This can be exploited when a user is tricked into exporting a malicious APK file, containing a crafted AndroidManifest.xml or strings.xml, to gradle. This could lead to possible local file disclosure.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -e option when exporting APK files to prevent potential exploitation. Restrict access to sensitive files and directories to minimize the risk of local file disclosure.