CNNVD-202512-2201 Information

CNNVD ID

CNNVD-202512-2201

CVE-2025-14517

  • CNNVD Published: 2025-12-11

Description

uCrop is an open-source Android image cropping library from Yalantis. uCrop 2.2.11 contains a security vulnerability caused by the improper export of the UCropActivity function in the file AndroidManifest.xml, which may lead to improper export of Android application components.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Yalantis

Published

2025-12-11

Last Modified

2026-02-24

References

  • https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446#469832583e0444dcb3d08b0ca661d1c6
  • https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446?source=copy_link
  • https://vuldb.com/?ctiid.335855
  • https://vuldb.com/?id.335855
  • https://vuldb.com/?submit.702811
