Malicious code in california-state-web-template-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 91a0432190eb409c84a7c6bf3c06b34d9b7c4571be93f31b3635a925f4a4099e The OpenSSF Package Analysis project identified 'california-state-web-template-react' @ 9.2.1 npm as malicious. It is considered malicious...

@egalteam/framework-react-native (>=2.0.0 <=2.0.1), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +5 more potentially affected by CVE-2024-21668 via react-native-mmkv (>=1.3.2 <=2.10.2)

react-native-mmkv NPM version =1.3.2, =2.0.0, =1.0.1, =0.64.1-rc.3, =0.64.1-rc.2, =0.64.3-0 Source cves: CVE-2024-21668 Source advisory: OSV:GHSA-4JH3-6JHV-2MGP...

react-native-mmkv Insertion of Sensitive Information into Log File vulnerability

Summary Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge ADB if it is enabled in the phone settings. This bug is not present on iOS...

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

Design/Logic Flaw

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

CVE-2024-21668

The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...

React Native Log Information Disclosure Vulnerability

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A log information disclosure vulnerability exists in versions prior to react-native-mmkv v2.11.0, which stems from the insertion of sensitive information into the log files of...

PT-2024-19010 · Unknown · React-Native-Mmkv

Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...

MAL-2024-65 Malicious code in replit-extensions-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7462f6e9b4a4fb60632168e7333f43126c172c42dbe957ea9288df7461840fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in replit-extensions-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7462f6e9b4a4fb60632168e7333f43126c172c42dbe957ea9288df7461840fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

react-training.eu Improper Access Control vulnerability OBB-3825351

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious code in react-native-dual-pedometer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8679 Malicious code in react-native-dual-pedometer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-hook-form-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0cf2d07005ec432f85b35387c34d03f3229f9aaeeff947232ac2f58f6015853 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8670 Malicious code in react-hook-form-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0cf2d07005ec432f85b35387c34d03f3229f9aaeeff947232ac2f58f6015853 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8666 Malicious code in react-dom-16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dom-16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8553 Malicious code in kratos-nextjs-react-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...