skylot/jadx

skylot/jadx

Releases35

Frequency4 months 2 weeks

Last Release 4 months ago

Stars49K

Dex to Java decompiler

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-32653 ↗	Apr 22, 2024Monday, 22 April 2024, 23:15	6.1 MEDIUM	—
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.
CVE-2022-39259 ↗	Oct 21, 2022Friday, 21 October 2022, 23:15	3.3 LOW	—
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.
CVE-2022-0219 ↗	Jan 20, 2022Thursday, 20 January 2022, 17:15	5.5 MEDIUM	4.3 MEDIUM
Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.