689 matches found
React Native Security Vulnerabilities
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A security vulnerability exists in React Native Document Picker versions prior to v.9.1.1, which stems from a path traversal vulnerability in the component Android library...
@egalteam/framework-react-native (>=2.0.0 <=2.0.1), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +5 more potentially affected by CVE-2024-21668 via react-native-mmkv (>=1.3.2 <=2.10.2)
react-native-mmkv NPM version =1.3.2, =2.0.0, =1.0.1, =0.64.1-rc.3, =0.64.1-rc.2, =0.64.3-0 Source cves: CVE-2024-21668 Source advisory: OSV:GHSA-4JH3-6JHV-2MGP...
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Summary Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge ADB if it is enabled in the phone settings. This bug is not present on iOS...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
Design/Logic Flaw
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668
The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...
React Native Log Information Disclosure Vulnerability
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A log information disclosure vulnerability exists in versions prior to react-native-mmkv v2.11.0, which stems from the insertion of sensitive information into the log files of...
PT-2024-19010 · Unknown · React-Native-Mmkv
Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...
Malicious code in react-native-dual-pedometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8679 Malicious code in react-native-dual-pedometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-transcribe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8321 Malicious code in react-native-transcribe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-1535 Malicious code in stripe-identity-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
Malicious code in stripe-identity-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1441 Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1310 Malicious code in stripe-terminal-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e6a4f5507735b6704fa9b04425050a6609564e66e4ad031bbc07e7900ce5610 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in stripe-terminal-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e6a4f5507735b6704fa9b04425050a6609564e66e4ad031bbc07e7900ce5610 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...