Full title: Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Exploit 
Category: dos / poc
Platform: Android
There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.

# 0day.today @ http://0day.today/