@glow-app/glow-react (>=0.6.0 <=1.0.1), @glow-app/solana-client (>=0.5.2 <=1.0.4) +17 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.44.0 <=1.44.2)

@solana/web3.js NPM version =1.44.0, =0.6.0, =0.5.2, =1.1.0, =0.1.0, =1.0.5, =4.1.2, =4.1.3, =4.1.3, =0.1.20, =0.2.40, =3.2.0, =0.0.50, =0.1.0, =0.1.2 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

React Native Sms User Consent Intent Redirection Vulnerability

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVE-2021-4438 kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVE-2021-4438

CVE-2021-4438 affects kyivstarteam/react-native-sms-user-consent up to 1.1.4 on Android. The issue lies in SmsUserConsentModule.kt, registerReceiver, causing improper export of Android components. Local attack is required. Upgrading to version 1.1.5 fixes the vulnerability (patch: 5423dcb0cd3e4d5...

CVE-2021-4438 kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

React Native Sms User Consent 安全漏洞

React Native Sms User Consent is an open source library by Kyivstar Tech Digital. A security vulnerability exists in React Native Sms User Consent 1.1.4 and earlier versions, which stems from a security issue in the registerReceiver function in...

MAL-2024-1129 Malicious code in espn-react-oneid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4692f32d575cbdbf797aea5aabd0d50c4015884bfac1ce7b40006443bd8759f6 The OpenSSF Package Analysis project identified 'espn-react-oneid' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in espn-react-oneid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4692f32d575cbdbf797aea5aabd0d50c4015884bfac1ce7b40006443bd8759f6 The OpenSSF Package Analysis project identified 'espn-react-oneid' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-1116 Malicious code in custom-banner-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34d3a0ada39e2fd82258a3fc7c24701af1389dc5d9de771dd18d930e9ccc2ad3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1118 Malicious code in eng-intern-assessment-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in eng-intern-assessment-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in frosmo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49ad426e0403cbb83406507bc9ee1c54e3c62183174858cd77bd8d4f0d52cbd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Information Disclosure

@sentry/react-native is vulnerable to Information Disclosure. The vulnerability is due to allowing auth tokens to be set in the optional authToken configuration parameter. This flaw potentially leads to Information Disclosure when built into the application bundle and published...

BloodHound - Six Degrees Of Domain Admin

BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...

minibili (>=0.3.0 <=0.3.1), perf-hook (>=1.0.1 <=1.0.4) +2 more potentially affected by unknown CVE via @sentry/react-native (>=5.16.0 <=5.17.0)

@sentry/react-native NPM version =5.16.0, =0.3.0, =1.0.1, =1.2.3, =1.2.7 - sentry-expo =7.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-68C2-4MPX-QH95...

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin

Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...

GHSA-68C2-4MPX-QH95 Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin

Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...

React Native Document Picker Directory Traversal vulnerability

Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...