CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

@egalteam/framework-react-native (>=2.0.0 <=2.0.1), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +5 more potentially affected by CVE-2024-21668 via react-native-mmkv (>=1.3.2 <=2.10.2)

react-native-mmkv NPM version =1.3.2, =2.0.0, =1.0.1, =0.64.1-rc.3, =0.64.1-rc.2, =0.64.3-0 Source cves: CVE-2024-21668 Source advisory: OSV:GHSA-4JH3-6JHV-2MGP...

CVE-2024-21668

The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

PT-2024-19010 · Unknown · React-Native-Mmkv

Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...