CVE-2017-20181 MEDIUM

CVE-2017-20181: hgzojer Vocable Trainer VocableTrainerProvider.java path traversal

Vendor Hgzojer

Product Vocable Trainer

Weakness CWE-22 · Path traversal

Published March 6, 2023

Last update March 5, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.

Key dates

Disclosure timeline

March 6, 2023 CVE published

March 5, 2025 Record updated

Identifiers

CVE CVE-2017-20181

CWE CWE-22

CVSS 5.3 / MEDIUM

Affected versions

Vendor Hgzojer

Product Vocable Trainer

Affected 1.0

Vendor Hgzojer

Product Vocable Trainer

Affected 1.1

Vendor Hgzojer

Product Vocable Trainer

Affected 1.2

Vendor Hgzojer

Product Vocable Trainer

Affected 1.3