react-native-keys insecurely stores encryption cipher and Base64 chunks
- Severity: High
Description
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) because the encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
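For a build that ships an affected version, one way to confirm the exposure described above is to search the compiled native library for secrets you already own, both verbatim and as fragments of their Base64 encoding. This is an added example, not code from react-native-keys or from this advisory; the 8-character fragment threshold, the 16-character chunking in the sample and all sample values are assumptions constructed for illustration.

```python
import base64
import re

MIN_RUN = 8  # assumption: shortest fragment worth reporting; the page gives no chunk size

def printable_strings(blob: bytes, min_len: int = MIN_RUN) -> list[str]:
    """Runs of printable ASCII in a binary, like the `strings` utility."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def exposed_fraction(needle: str, found: list[str], min_len: int = MIN_RUN) -> float:
    """Share of `needle` covered by fragments of >= min_len chars present in `found`."""
    covered = [False] * len(needle)
    for start in range(len(needle) - min_len + 1):
        window = needle[start:start + min_len]
        if any(window in s for s in found):
            covered[start:start + min_len] = [True] * min_len
    return sum(covered) / len(needle) if needle else 0.0

def audit(blob: bytes, secrets: dict[str, str]) -> dict[str, dict[str, float]]:
    """For each secret you own, report how much of it is readable in the binary."""
    found = printable_strings(blob)
    report = {}
    for name, value in secrets.items():
        encoded = base64.b64encode(value.encode()).decode("ascii")
        report[name] = {"plaintext": exposed_fraction(value, found),
                        "base64": exposed_fraction(encoded, found)}
    return report

# Constructed sample values; none come from a real project.
SAMPLE_SECRETS = {
    "API_KEY": "sk_test_CONSTRUCTED_0123456789abcdef",
    "CIPHER": "constructed-cipher-passphrase",
    "UNUSED": "NOT_IN_BINARY_VALUE_42",
}

def constructed_blob() -> bytes:
    """Stand-in for a compiled library: API_KEY as 16-char Base64 chunks, CIPHER in plaintext."""
    b64 = base64.b64encode(SAMPLE_SECRETS["API_KEY"].encode())
    chunks = [b64[i:i + 16] for i in range(0, len(b64), 16)]
    return (b"\x7fELF\x00\x01" + b"\x00\x02".join(chunks)
            + b"\x00" + SAMPLE_SECRETS["CIPHER"].encode() + b"\x00\xff")

if __name__ == "__main__":
    for name, result in audit(constructed_blob(), SAMPLE_SECRETS).items():
        print(name, result)
```

Any value reported with a non-zero fraction should be treated as public: rotate it and keep it server-side rather than in the app bundle. Secrets shorter than `MIN_RUN` characters are not detected by this check.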
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.7.11
- Tags: npm, react-native-keys
Last updated on July 02, 2025