689 matches found
CVE-2021-4438
CVE-2021-4438 affects kyivstarteam/react-native-sms-user-consent up to 1.1.4 on Android. The issue lies in SmsUserConsentModule.kt, registerReceiver, causing improper export of Android components. Local attack is required. Upgrading to version 1.1.5 fixes the vulnerability (patch: 5423dcb0cd3e4d5...
CVE-2021-4438 kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...
React Native Sms User Consent 安全漏洞
React Native Sms User Consent is an open source library by Kyivstar Tech Digital. A security vulnerability exists in React Native Sms User Consent 1.1.4 and earlier versions, which stems from a security issue in the registerReceiver function in...
MAL-2024-1118 Malicious code in eng-intern-assessment-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eng-intern-assessment-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Information Disclosure
@sentry/react-native is vulnerable to Information Disclosure. The vulnerability is due to allowing auth tokens to be set in the optional authToken configuration parameter. This flaw potentially leads to Information Disclosure when built into the application bundle and published...
minibili (>=0.3.0 <=0.3.1), perf-hook (>=1.0.1 <=1.0.4) +2 more potentially affected by unknown CVE via @sentry/react-native (>=5.16.0 <=5.17.0)
@sentry/react-native NPM version =5.16.0, =0.3.0, =1.0.1, =1.2.3, =1.2.7 - sentry-expo =7.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-68C2-4MPX-QH95...
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...
GHSA-68C2-4MPX-QH95 Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...
React Native Document Picker Directory Traversal vulnerability
Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
@armiasystems/react-native-armia-chat-sdk (>=1.0.8 <=1.0.9), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +42 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=2.3.0 <=8.2.0)
react-native-document-picker NPM version =2.3.0, =1.0.8, =1.0.1, =0.64.1-beta.46, =0.5.0, =0.0.8, =0.0.14, =0.0.186, =0.0.5, =2.46.0, =1.0.0, =0.0.24, =0.0.1, =1.1.12 - abc123efgh =1.0.0 and more Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...
GHSA-PMGM-H3CC-M4HJ React Native Document Picker Directory Traversal vulnerability
Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
@icanbwell/composite (>=1.89.4 <=1.202.0), @icanbwell/native-components (>=0.21.6 <=0.31.0) +4 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=9.0.1 <=9.1.0)
react-native-document-picker NPM version =9.0.1, =1.89.4, =0.21.6, =0.14.5, =1.1.0, =1.8.0 - @likeminds.community/feed-rn-core =0.6.0 - @likeminds.community/feed-rn-core-beta =0.0.1 Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
Directory traversal
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
PT-2024-20960 · Unknown · React Native Document Picker
Name of the Vulnerable Software and Affected Versions: React Native Document Picker versions prior to 9.1.1 React Native Document Picker version 8.2.2 and earlier Description: A Directory Traversal issue allows a local attacker to execute arbitrary code via a crafted script to the Android library...
CVE-2024-25466
CVE-2024-25466 is a directory traversal vulnerability in React Native Document Picker affecting versions prior to 9.1.1 . The root cause is an Android library component that processes crafted scripts, allowing a local attacker to execute arbitrary code. The vulnerability is fixed in version 9.1.1...
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...