android-minsdk-21: AndroidManifest.xml minSdkVersion Set to 21 (Insecure Minimum SDK Version)

日期: 2025-08-01 | 影响软件: android | POC: 已公开

漏洞描述

The AndroidManifest.xml file specifies the minSdkVersion as 21, which permits the application to run on devices with outdated Android versions. Older Android platforms may lack essential security features and are more likely to contain known vulnerabilities, increasing the overall risk to the application and its users.

PoC代码[已公开]

id: android-minsdk-21

info:
  name: AndroidManifest.xml minSdkVersion Set to 21 (Insecure Minimum SDK Version)
  author: Th3l0newolf
  severity: medium
  description: |
    The AndroidManifest.xml file specifies the minSdkVersion as 21, which permits the application to run on devices with outdated Android versions. Older Android platforms may lack essential security features and are more likely to contain known vulnerabilities, increasing the overall risk to the application and its users.
  metadata:
    verified: true
    github-query: path:**/AndroidManifest.xml
  tags: android,file

file:
  - extensions:
      - xml

    matchers:
      - type: regex
        part: body
        regex:
          - "android:minSdkVersion\\s*=\\s*['\"]21['\"]"
# digest: 4a0a00473045022100db31ac3dc79f5a0d16e07cb7b5b5ba6fee98cb1b330a700e229a0dc9acfd421c02202b02d824b74ffd5db6129527a8f2892238d26e23248662526c66799ad8d4a084:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/android/android-minsdk-21.yaml

相关漏洞推荐