Vulnerability Information
Vulnerability Title
DoS vulnerability
Vulnerability Description
cordova-plugin-fingerprint-aio is a plugin that provides a single, simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1, the exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. The vulnerability exists because the activity does not handle being requested with invalid or empty data, which results in a crash. Any third-party app can call this activity constantly without holding any permission. A third-party app or attacker using an event listener can continually stop the app from working, leaving the victim unable to open it. Version 5.0.1 of cordova-plugin-fingerprint-aio no longer exports the activity and is not vulnerable. To fix older versions, change the attribute `android:exported` in `plugin.xml` to `false`. Please upgrade to version 5.0.1 as soon as possible.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Reachable Assertion
Vulnerability Title
cordova-plugin-fingerprint-aio security vulnerability
Vulnerability Description
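Cordova-Plugin-Fingerprint-Aio is a Cordova plugin by Niklas Merz, an individual developer from Germany, for fingerprint sensors (and FaceId). cordova-plugin-fingerprint-aio contains a security vulnerability that stems from the plugin's exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` not handling requests with invalid or empty data, which results in a crash.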
CVSS Information
N/A
Vulnerability Type
N/A