CVE-2022-29580

HIGH

Google Search < 13.41 - Path Traversal

Title source: rule

Description

There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41

References (1)

[Exploit, Vendor Advisory] https://support.google.com/faqs/answer/7496913?hl=en

Scores

CVSS v3 8.9

EPSS 0.0017

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Classification

CWE

CWE-22 CWE-427

Status published

Affected Products (1)

google/google_search < 13.41

Timeline

Published Dec 13, 2022

Tracked Since Feb 18, 2026