5 matches found
CVE-2020-24653
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHENUNLOCKEDTHISDEVICEONLY is used...
2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +1298 more potentially affected by CVE-2020-24653 via expo (>=1.0.0 <=57.0.0-canary-20260526-13e89ca)
expo NPM version =1.0.0, =0.2.0, =1.0.8, =0.3.31, =0.1.0, =0.0.1, =0.0.1, =0.0.3, =2.5.0, =1.0.0, =1.0.0, =0.1.0, =0.1.8 - @ariveroi/react-native-ui =0.1.0 and more Source cves: CVE-2020-24653 Source advisory: OSV:GHSA-RWX9-WQJ8-VR77...
CVE-2020-24653
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHENUNLOCKEDTHISDEVICEONLY is used...
CVE-2020-24653
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHENUNLOCKEDTHISDEVICEONLY is used...
CVE-2020-24653
Summary: CVE-2020-24653 affects Expo’s secure-store on iOS up to 2.16.1, where the app uses the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is selected. This misconfiguration can expose protected data due to the accessibility attribute, with high imp...