mvt@2.1.6

Mobile Verification Toolkit

  • latest version

    2026.5.12

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mvt package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal via the fileID field from Manifest.db being used directly in filesystem path construction without validation. An attacker can cause arbitrary files to be read from or written to locations outside the intended backup directory by supplying a crafted iOS backup with traversal sequences in the fileID. This can result in attacker-controlled content being written to arbitrary paths or sensitive files being accessed, potentially leading to code execution or information disclosure. This is only exploitable if a specifically crafted malicious backup bundle is parsed by the analyst, and, for file reading, the attacker must know or guess the analyst's directory layout and provide a file matching the expected schema.

    How to fix Directory Traversal?

    Upgrade mvt to version 2026.5.12 or higher.

    [,2026.5.12)