Vulnerability Database

296,202

Total vulnerabilities in the database

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • Published: Nov 13, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-43093
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Software From Fixed in
google / android 12.0 12.0.x
google / android 13.0 13.0.x
google / android 14.0 14.0.x
google / android 15.0 15.0.x