GHSA-fj44-h6xw-896g

Source
https://github.com/advisories/GHSA-fj44-h6xw-896g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-fj44-h6xw-896g/GHSA-fj44-h6xw-896g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fj44-h6xw-896g
Aliases
Published
2025-06-09T18:32:16Z
Modified
2025-07-02T20:29:47.356162Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
react-native-keys insecurely stores encryption cipher and Base64 chunks
Details

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) because the encryption cipher and Base64 chunks are stored in plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

Database specific
{
    "severity": "HIGH",
    "github_reviewed_at": "2025-07-02T19:46:05Z",
    "cwe_ids": [
        "CWE-312"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2025-06-09T17:15:29Z"
}
References

Affected packages

npm / react-native-keys

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.7.11