Skip to main content

Expo Software Development Kit

1 CVEs product

Monthly

CVE-2023-28131 npm CRITICAL PATCH Act Now

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expo Software Development Kit
NVD
CVSS 3.1
9.6
EPSS
23.0%
EPSS 23% CVSS 9.6
CRITICAL PATCH Act Now

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expo Software Development Kit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy