CVE-2020-7384

Summary

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

Affected Software

VendorProductVersion RangeStatus
Rapid7Metasploitunspecified < 4.19.0affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References