CVE-2021-4438

描述

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function `registerReceiver` of the file `android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt`. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.

如何修補 CVE-2021-4438

要修補 CVE-2021-4438,請將受影響套件升級到下列已修補版本。

• —升級至 1.1.5 或更新版本

CVE-2021-4438 正在被利用嗎?

低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 1.1.5

CVSS 分數

參考連結(7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-4438
• PATCHgithub.com/kyivstarteam/react-native-sms-user-consent
• WEBgithub.com/kyivstarteam/react-native-sms-user-consent/commit/5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7
• WEBgithub.com/kyivstarteam/react-native-sms-user-consent/pull/4