cordova-plugin-firebasex icon indicating copy to clipboard operation
cordova-plugin-firebasex copied to clipboard

Published 20 hours ago verified publisher icon dpa99c

com.google.android.recaptcha:recaptcha:18.1.2 security warning

Open kikino1989 opened this issue 1 year ago • 9 comments
trafficstars

We are getting the following security warning regarding the reCAPTCHA Enterprice for Mobile SDK:

_This SDK version has a note from the SDK developer. Here's what the SDK developer told us:

A critical security vulnerability was discovered in reCAPTCHA Enterprise for Mobile. The vulnerability has been patched in the latest SDK release. Customers will need to update their Android application with the reCAPTCHA Enterprise for Mobile SDK, version 18.4.0 or above. We strongly recommend you update to the latest version as soon as possible._

As far as we have been able to find, the only references to that SDK are in the cordvoa-plugin-firebasex plugin.

Great job on this plugin, keep it up.

Environment information Ionic:

Ionic CLI : 7.1.1 (/usr/local/lib/node_modules/@ionic/cli) Ionic Framework : @ionic/angular 5.9.4 @angular-devkit/build-angular : 12.2.18 @angular-devkit/schematics : 12.2.18 @angular/cli : 12.2.18 @ionic/angular-toolkit : 5.0.3

Cordova:

Cordova CLI : 11.1.0 Cordova Platforms : android 12.0.1, browser 6.0.0, ios 7.0.1, windows 7.0.1 (deprecated) Cordova Plugins : cordova-plugin-ionic-webview 5.0.0, (and 22 other plugins)

Utility:

cordova-res : 0.15.4 native-run : 2.0.1

System:

ios-deploy : 1.11.4 ios-sim : 8.0.2 NodeJS : v16.16.0 (/usr/local/bin/node) npm : 10.2.3 OS : macOS Unknown Xcode : Xcode 15.2 Build version 15C500b

kikino1989 avatar Feb 05 '24 17:02 kikino1989

I have the same problem. I have read that if you add the line to the bundle.gradle: implementation ‘com.google.android.recaptcha:recaptcha:18.4.0’ It is solved but when I compile, that line disappears so the problem continues. I don't use firebase authentication or recaptcha. Can you help me, please. Thanks

anuskaoo avatar Feb 08 '24 12:02 anuskaoo

Well, that's just a warning, so when the plugin will update to the latest SDK it should disappear, I guess.

TheNotorius0 avatar Feb 11 '24 10:02 TheNotorius0

Was this issue ever resolved?

Where exactly in this plugin is the reCaptcha enterprise referenced?

OliverJacobRE avatar Jun 17 '24 10:06 OliverJacobRE

The issue has been resolved already. It can be closed.

I think reCaptcha isn't present in the plugin, but it was available from the SDK.

TheNotorius0 avatar Jun 17 '24 10:06 TheNotorius0

@TheNotorius0 do you know what version of this plugin it was resolved in?

OliverJacobRE avatar Jun 17 '24 10:06 OliverJacobRE

@TheNotorius0 do you know what version of this plugin it was resolved in?

Honestly, I don't know. If you read the Changelogs, I think you can manage to discover it. Try to find the releases in which the SDK version has been updated.

TheNotorius0 avatar Jun 17 '24 10:06 TheNotorius0

Updating to latest version packages fixes the issues ( package.json file )

{ "ANDROID_PLAY_SERVICES_TAGMANAGER_VERSION": "18.1.0", "ANDROID_PLAY_SERVICES_AUTH_VERSION": "21.2.0", "ANDROID_FIREBASE_ANALYTICS_VERSION": "22.0.2", "ANDROID_FIREBASE_MESSAGING_VERSION": "24.0.0", "ANDROID_FIREBASE_CONFIG_VERSION": "22.0.0", "ANDROID_FIREBASE_PERF_VERSION": "21.0.1", "ANDROID_FIREBASE_AUTH_VERSION": "23.0.0", "ANDROID_FIREBASE_INAPPMESSAGING_VERSION": "21.0.0", "ANDROID_FIREBASE_FIRESTORE_VERSION": "25.0.0", "ANDROID_FIREBASE_FUNCTIONS_VERSION": "21.0.0", "ANDROID_FIREBASE_IID_VERSION": "21.1.0", "ANDROID_FIREBASE_INSTALLATIONS_VERSION": "18.0.0", "ANDROID_FIREBASE_CRASHLYTICS_VERSION": "19.0.3", "ANDROID_FIREBASE_CRASHLYTICS_NDK_VERSION": "19.0.3", "ANDROID_GSON_VERSION": "2.11.0", "ANDROID_FIREBASE_PERF_GRADLE_PLUGIN_VERSION": "1.4.2", "ANDROID_GRPC_OKHTTP": "1.46.0" }

Screenshot from 2024-07-20 19-32-23

codeeshop-oc avatar Jul 20 '24 14:07 codeeshop-oc

Updating to latest version packages fixes the issues ( package.json file )

{ "ANDROID_PLAY_SERVICES_TAGMANAGER_VERSION": "18.1.0", "ANDROID_PLAY_SERVICES_AUTH_VERSION": "21.2.0", "ANDROID_FIREBASE_ANALYTICS_VERSION": "22.0.2", "ANDROID_FIREBASE_MESSAGING_VERSION": "24.0.0", "ANDROID_FIREBASE_CONFIG_VERSION": "22.0.0", "ANDROID_FIREBASE_PERF_VERSION": "21.0.1", "ANDROID_FIREBASE_AUTH_VERSION": "23.0.0", "ANDROID_FIREBASE_INAPPMESSAGING_VERSION": "21.0.0", "ANDROID_FIREBASE_FIRESTORE_VERSION": "25.0.0", "ANDROID_FIREBASE_FUNCTIONS_VERSION": "21.0.0", "ANDROID_FIREBASE_IID_VERSION": "21.1.0", "ANDROID_FIREBASE_INSTALLATIONS_VERSION": "18.0.0", "ANDROID_FIREBASE_CRASHLYTICS_VERSION": "19.0.3", "ANDROID_FIREBASE_CRASHLYTICS_NDK_VERSION": "19.0.3", "ANDROID_GSON_VERSION": "2.11.0", "ANDROID_FIREBASE_PERF_GRADLE_PLUGIN_VERSION": "1.4.2", "ANDROID_GRPC_OKHTTP": "1.46.0" }

Screenshot from 2024-07-20 19-32-23

I put the lines in the package.json file. I then made a cordova prepared. Google play console always gives me the warning "com.google.android.recaptcha:recaptch"

Is there anything more to do?

franfr57 avatar Jul 31 '24 14:07 franfr57