Описание
react-native-keys insecurely stores encryption cipher and Base64 chunks
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
Пакеты
Наименование
react-native-keys
npm
Затронутые версииВерсия исправления
<= 0.7.11
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
8 месяцев назад
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.