The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific filesReferenceshttps://www.vivo.com/en/support/security-advisory-detail?id=13