CVE-2023-36612

Name of the Vulnerable Software and Affected Versions com.basecamp.bc3 versions prior to 4.2.1

Description Directory traversal can occur in the com.basecamp.bc3 application, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses, containing sensitive information, to third-party applications by using a custom-crafted deeplink scheme.

Recommendations For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom-crafted deeplink schemes to minimize the risk of exploitation. Avoid using malicious intents that could redirect server responses to third-party applications until the issue is resolved.