CVE-2022-0219

MEDIUM

skylot/jadx <1.3.2 - XML External Entity Reference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0219. PoCs published by Haxatron.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2022-0219, detailing an XXE vulnerability in Jadx when processing malicious APK files. The vulnerability allows local file disclosure or DoS when exporting APKs via the CLI or library usage.

Description

Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.

Exploits (1)

nomisec WRITEUP
by Haxatron · poc
https://github.com/Haxatron/CVE-2022-0219

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Jadx < 1.3.2
No auth needed
Prerequisites: Malicious APK file with crafted XML entities · Access to Jadx CLI or library
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/0d093863-29e8-4dd7-a885-64f76d50bf5e

Scores

CVSS v3 5.5
EPSS 0.0050
EPSS Percentile 66.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE CWE-611
Status published
Products (2)
io.github.skylot/jadx-core 0 - 1.3.2 (Maven)
jadx_project/jadx < 1.3.2
Published Jan 20, 2022
Tracked Since Feb 18, 2026