CVE-2021-43849
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-43849
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43849.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-43849
- Aliases
- Related
- Published
- 2021-12-23T17:15:07Z
- Modified
- 2025-01-15T02:08:28.512759Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity
de.niklasmerz.cordova.biometric.BiometricActivitycan cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. - References
Affected packages
Git / github.com/niklasmerz/cordova-plugin-fingerprint-aio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/niklasmerz/cordova-plugin-fingerprint-aio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed