CNNVD-202512-2202 Information

CNNVD ID

CNNVD-202512-2202

CVE-2025-14516

  • CNNVD Published: 2025-12-11

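Description (translated from Chinese)

uCrop is an open-source Android image cropping library from Yalantis. uCrop version 2.2.11 contains a code issue vulnerability, which stems from a flaw in the function downloadFile in the file com.yalantis.ucrop.task.BitmapLoadTask.java of the URL Handler component and may lead to server-side request forgery.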

Description (English)

uCrop is an open-source Android image cropping library developed by Yalantis. Version 2.2.11 of uCrop has a code issue vulnerability: the function downloadFile in the file com.yalantis.ucrop.task.BitmapLoadTask.java, part of the URL Handler component, is defective and may allow server-side request forgery (SSRF).

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Yalantis

Published

2025-12-11

Last Modified

2026-02-24

References

https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446
https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446?pvs=25#039fe30a92dc4ed88c9b03f85418e92e
https://vuldb.com/?ctiid.335854
https://vuldb.com/?id.335854
https://vuldb.com/?submit.702810
