React Native Keys
Monthly
react-native-keys version 0.7.11 contains a sensitive information disclosure vulnerability where encryption ciphers and Base64-encoded secrets are stored as plaintext in compiled native binaries, allowing attackers with network access to extract these credentials via static analysis of the binary. This affects all applications using the vulnerable library version, and the high CVSS score of 7.5 reflects the ease of exploitation (no authentication required) and significant confidentiality impact, though the practical risk depends on whether secrets are actually embedded at build time and the sensitivity of exposed data.
react-native-keys version 0.7.11 contains a sensitive information disclosure vulnerability where encryption ciphers and Base64-encoded secrets are stored as plaintext in compiled native binaries, allowing attackers with network access to extract these credentials via static analysis of the binary. This affects all applications using the vulnerable library version, and the high CVSS score of 7.5 reflects the ease of exploitation (no authentication required) and significant confidentiality impact, though the practical risk depends on whether secrets are actually embedded at build time and the sensitivity of exposed data.