CVE request: remote code execution in Android CTS

Posted by Lord Tuskington on Oct 19

CTS parses api-coverage.xsl without providing the FEATURE_SECURE_PROCESSING
option. See lines 60-67 of
cts/tools/cts-api-coverage/src/com/android/cts/apicoverage/HtmlReport.java:

InputStream xsl =
CtsApiCoverage.class.getResourceAsStream(“/api-coverage.xsl”);
StreamSource xslSource = new StreamSource(xsl);
TransformerFactory factory = TransformerFactory.newInstance();
Transformer transformer = factory.newTransformer(xslSource);…

Leave a Reply