13 matches found
EUVD-2024-0246
Malicious code in bioql PyPI...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
Sensitive Information Disclosure
react-native-mmkv is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging the encryption key for the MMKV database into the Android system log. This issue can be exploited by an attacker via accessing to the Android Debugging Bridge resulting in sensitive informatio...
GHSA-4JH3-6JHV-2MGP react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Summary Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge ADB if it is enabled in the phone settings. This bug is not present on iOS...
@egalteam/framework-react-native (>=2.0.0 <=2.0.1), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +5 more potentially affected by CVE-2024-21668 via react-native-mmkv (>=1.3.2 <=2.10.2)
react-native-mmkv NPM version =1.3.2, =2.0.0, =1.0.1, =0.64.1-rc.3, =0.64.1-rc.2, =0.64.3-0 Source cves: CVE-2024-21668 Source advisory: OSV:GHSA-4JH3-6JHV-2MGP...
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Summary Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge ADB if it is enabled in the phone settings. This bug is not present on iOS...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
Design/Logic Flaw
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668
The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...
CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
React Native Log Information Disclosure Vulnerability
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A log information disclosure vulnerability exists in versions prior to react-native-mmkv v2.11.0, which stems from the insertion of sensitive information into the log files of...
PT-2024-19010 · Unknown · React-Native-Mmkv
Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...