Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yd3g5LXdxajgtdnI3N84AAluo
Expo on iOS is insecure due incorrect security attribute application
secure-store in Expo through 9.1.0 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.
Permalink: https://github.com/advisories/GHSA-rwx9-wqj8-vr77JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd3g5LXdxajgtdnI3N84AAluo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-rwx9-wqj8-vr77, CVE-2020-24653
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-24653
- https://github.com/expo/expo/pull/9264
- https://github.com/expo/expo/commit/1d82bf07fae2c96273e9189997e521359cffc1a9#diff-5b2820f378da980bd8a8185e2e1b2f9ce085d834534483f29c67932f282cc5c9
- https://github.com/expo/expo/blob/main/packages/expo-secure-store/CHANGELOG.md
- https://github.com/advisories/GHSA-rwx9-wqj8-vr77
Blast Radius: 0.0
Affected Packages
npm:expo
Dependent packages: 1,965Dependent repositories: 165,704
Downloads: 2,735,193 last month
Affected Version Ranges: < 9.1.0
Fixed in: 9.1.0
All affected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 1.0.0
All unaffected versions: 14.0.0, 14.0.1, 14.0.2, 15.0.0, 15.0.1, 15.0.2, 15.1.2, 15.1.3, 16.0.0, 17.0.0, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.0.4, 18.0.5, 18.0.6, 18.0.8, 18.0.9, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 20.1.0, 20.1.1, 20.1.2, 20.1.3, 20.1.4, 21.0.0, 21.0.1, 21.0.2, 21.0.3, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.1.0, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.1.0, 23.1.1, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.1.0, 24.1.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.1.2, 26.0.0, 26.1.0, 26.1.1, 27.0.0, 27.0.1, 27.0.2, 27.1.0, 27.1.1, 28.0.0, 28.0.1, 29.0.0, 29.0.1, 30.0.0, 30.0.1, 30.0.2, 31.0.0, 31.0.1, 31.0.2, 31.0.3, 31.0.4, 31.0.5, 31.0.6, 32.0.0, 32.0.1, 32.0.2, 32.0.3, 32.0.4, 32.0.5, 32.0.6, 33.0.0, 33.0.1, 33.0.2, 33.0.3, 33.0.4, 33.0.5, 33.0.6, 33.0.7, 34.0.1, 34.0.2, 34.0.3, 34.0.4, 35.0.0, 35.0.1, 36.0.0, 36.0.1, 36.0.2, 37.0.0, 37.0.1, 37.0.2, 37.0.3, 37.0.4, 37.0.5, 37.0.6, 37.0.7, 37.0.8, 37.0.9, 37.0.10, 37.0.11, 37.0.12, 38.0.0, 38.0.1, 38.0.2, 38.0.3, 38.0.4, 38.0.5, 38.0.6, 38.0.7, 38.0.8, 38.0.9, 38.0.10, 38.0.11, 39.0.0, 39.0.1, 39.0.2, 39.0.3, 39.0.4, 39.0.5, 40.0.0, 40.0.1, 41.0.0, 41.0.1, 42.0.0, 42.0.1, 42.0.2, 42.0.3, 42.0.4, 42.0.5, 43.0.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 43.0.5, 44.0.0, 44.0.1, 44.0.2, 44.0.3, 44.0.4, 44.0.5, 44.0.6, 45.0.0, 45.0.1, 45.0.2, 45.0.3, 45.0.4, 45.0.5, 45.0.6, 45.0.7, 45.0.8, 46.0.0, 46.0.1, 46.0.2, 46.0.3, 46.0.4, 46.0.5, 46.0.6, 46.0.7, 46.0.8, 46.0.9, 46.0.10, 46.0.11, 46.0.12, 46.0.13, 46.0.14, 46.0.15, 46.0.16, 46.0.17, 46.0.18, 46.0.19, 46.0.20, 46.0.21, 47.0.0, 47.0.1, 47.0.2, 47.0.3, 47.0.4, 47.0.5, 47.0.6, 47.0.7, 47.0.8, 47.0.9, 47.0.10, 47.0.11, 47.0.12, 47.0.13, 47.0.14, 48.0.0, 48.0.1, 48.0.2, 48.0.3, 48.0.4, 48.0.5, 48.0.6, 48.0.7, 48.0.8, 48.0.9, 48.0.10, 48.0.11, 48.0.12, 48.0.13, 48.0.14, 48.0.15, 48.0.16, 48.0.17, 48.0.18, 48.0.19, 48.0.20, 48.0.21, 49.0.0, 49.0.1, 49.0.2, 49.0.3, 49.0.4, 49.0.5, 49.0.6, 49.0.7, 49.0.8, 49.0.9, 49.0.10, 49.0.11, 49.0.12, 49.0.13, 49.0.14, 49.0.15, 49.0.16, 49.0.17, 49.0.18, 49.0.19, 49.0.20, 49.0.21, 49.0.22, 49.0.23, 50.0.0, 50.0.1, 50.0.2, 50.0.3, 50.0.4, 50.0.5, 50.0.6, 50.0.7, 50.0.8, 50.0.9, 50.0.10, 50.0.11, 50.0.12, 50.0.13, 50.0.14, 50.0.15, 50.0.16, 50.0.17, 50.0.18, 51.0.0, 51.0.1, 51.0.2, 51.0.3, 51.0.4, 51.0.5, 51.0.6, 51.0.7, 51.0.8