4914 matches found
Design/Logic Flaw
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-21668
The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...
PT-2024-19010 · Unknown · React-Native-Mmkv
Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...
React Native Log Information Disclosure Vulnerability
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A log information disclosure vulnerability exists in versions prior to react-native-mmkv v2.11.0, which stems from the insertion of sensitive information into the log files of...
Malicious code in replit-extensions-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7462f6e9b4a4fb60632168e7333f43126c172c42dbe957ea9288df7461840fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-65 Malicious code in replit-extensions-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7462f6e9b4a4fb60632168e7333f43126c172c42dbe957ea9288df7461840fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
react-training.eu Improper Access Control vulnerability OBB-3825351
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in react-native-dual-pedometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8679 Malicious code in react-native-dual-pedometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-hook-form-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0cf2d07005ec432f85b35387c34d03f3229f9aaeeff947232ac2f58f6015853 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8670 Malicious code in react-hook-form-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0cf2d07005ec432f85b35387c34d03f3229f9aaeeff947232ac2f58f6015853 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-dom-16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8666 Malicious code in react-dom-16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kratos-nextjs-react-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8553 Malicious code in kratos-nextjs-react-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002a702a76a5afe71ba598cb987b7d8cb8624bd74161c63a0e642fb288083bb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frontend-components-react-transpiled (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 463e9359f450d451e47eef2a46a82e6d6fe266ffa312c37239b9e2fda0a440fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in oasis-os-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6498095a1cca97f72b428b0ee87d8238a47478af4af6bb1c0519386b5a26247 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8520 Malicious code in oasis-os-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6498095a1cca97f72b428b0ee87d8238a47478af4af6bb1c0519386b5a26247 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...