react-native-keys icon indicating copy to clipboard operation
react-native-keys copied to clipboard

Published 20 hours ago β€’ verified publisher icon numandev1

Cleartext Storage of Sensitive Information

Open ashishzopeCG opened this issue 3 months ago β€’ 8 comments

Image

Link: https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEKEYS-10674028

ashishzopeCG avatar Aug 29 '25 04:08 ashishzopeCG

πŸ‘‹ @ashishzopeCG Thanks for opening your issue here! If you find this package useful hit the star🌟!

github-actions[bot] avatar Aug 29 '25 04:08 github-actions[bot]

@numandev1 Any updates on this Snyk issue.

ashishzopeCG avatar Sep 01 '25 11:09 ashishzopeCG

I didnt test, but @ngocle2497 seem to have provided a fix for the other flaw. So, both might be fixed.

dougg0k avatar Sep 01 '25 12:09 dougg0k

@dougg0k This snyk issue is with latest version which includes fixes provided by @ngocle2497 , seems to be not getting fixed by it.

ashishzopeCG avatar Sep 01 '25 12:09 ashishzopeCG

there is a breaking bug in latest rn version, unrelated to this issue, but that report seems to be related to the version .11, not .12.

dougg0k avatar Sep 01 '25 12:09 dougg0k

@dougg0k added new screenshot with version details.

Image

ashishzopeCG avatar Sep 01 '25 13:09 ashishzopeCG

Hm, all the references mentioned in the url seems to have been for the other issue which had seemingly different flaws. Same for the CVE.

Perhaps @ngocle2497 only increased the difficulty not necessarily fixed anything. If it's even fixable.

dougg0k avatar Sep 01 '25 13:09 dougg0k

the pure base64 in this library? everything has been converted to bit form. i don't know which part of this library snyk is referring to

ngocle2497 avatar Sep 07 '25 16:09 ngocle2497