Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insertion of Sensitive Information into Log File in react-native-mmkv
Vulnerability Description
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
React Native 日志信息泄露漏洞
Vulnerability Description
React Native是开源的一个JavaScript框架。用于构建用户界面和本机应用程序。 react-native-mmkv v2.11.0之前版本存在日志信息泄露漏洞,该漏洞源于将敏感信息插入到了react-native-mmkv的日志文件中,导致存在日志信息泄露漏洞。
CVSS Information
N/A
Vulnerability Type
N/A