react-native-get-random-values

Security Warning: CVE-2021-44228 flagged by Wiz

Open islamneddar opened this issue 8 months ago • 2 comments

Hi 👋,

I'm opening this issue because my security scanner (Wiz) flagged a potential vulnerability: CVE-2021-44228 (Log4Shell) in a project that uses react-native-get-random-values.

However, this package is JavaScript-based and does not depend on Java or Log4j, which makes me suspect it could be a false positive. The vulnerability is associated with the Java logging library Log4j, but this project doesn't have any relation to Java at all unless in the android package.

Here's the context:

Package: react-native-get-random-values

Dependency tree: indirectly used through @aws-sdk/[email protected]

Scanner: Wiz

CVE: CVE-2021-44228

Please confirm if this project or any of its dependencies could include Log4j (directly or transitively)?

islamneddar avatar May 14 '25 10:05 islamneddar
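One way to check the question above against a locally unpacked package, as an added example that is not code from react-native-get-random-values or from Wiz: scan the tree for Gradle references to `log4j-core` and for archives (including nested ones) that contain `JndiLookup.class`. The two sample trees, their file contents and all function names are constructed for illustration.

```python
import io, re, tempfile, zipfile
from pathlib import Path

# Identifiers of Log4j 2 core, the component CVE-2021-44228 applies to.
GRADLE_REF = re.compile(r"org\.apache\.logging\.log4j\s*:\s*log4j-core(?::([\w.\-]+))?")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = {".jar", ".aar", ".war", ".zip"}

def scan_archive(data, label, findings, depth=0):
    """Record JndiLookup.class inside an archive, descending into nested archives."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    findings.append(("class", label, name))
                elif Path(name).suffix.lower() in ARCHIVES and depth < 3:
                    scan_archive(zf.read(name), f"{label}!{name}", findings, depth + 1)
    except zipfile.BadZipFile:
        # An archive that cannot be opened was not inspected; report it for manual review.
        findings.append(("unreadable-archive", label, ""))

def scan_package(root):
    """Return (kind, location, detail) for each Log4j indicator found under root."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), rel, findings)
        elif path.name.startswith("build.gradle"):
            for m in GRADLE_REF.finditer(path.read_text(errors="replace")):
                findings.append(("gradle", rel, m.group(1) or "version not pinned"))
    return findings

def demo():
    """Scan two constructed trees: a JS package with an android/ dir, and one bundling Log4j."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, flagged = Path(tmp, "clean-pkg"), Path(tmp, "flagged-pkg")
        for pkg in (clean, flagged):
            (pkg / "android").mkdir(parents=True)
            (pkg / "index.js").write_text("module.exports = {}\n")
        (clean / "android/build.gradle").write_text("dependencies {\n  implementation 'com.facebook.react:react-native:+'\n}\n")
        (flagged / "android/build.gradle").write_text("dependencies {\n  implementation 'org.apache.logging.log4j:log4j-core:2.14.1'\n}\n")
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as jar:
            jar.writestr(JNDI_CLASS, b"constructed placeholder, not a real class file")
        with zipfile.ZipFile(flagged / "android/libs.aar", "w") as aar:
            aar.writestr("libs/log4j-core.jar", inner.getvalue())
        return scan_package(clean), scan_package(flagged)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An empty result for a real package directory means neither indicator is present in the files as shipped; it does not cover dependencies that Gradle would resolve at build time.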

I would also second this issue we are experiencing on a few of our production applications. Could we perhaps get a fix in to address this?

SomethingNew71 avatar May 15 '25 12:05 SomethingNew71

@LinusU I created a PR to fix this if you would be kind enough to review and merge. :-)

SomethingNew71 avatar May 15 '25 12:05 SomethingNew71

Should be solved in 🚢 2.0.0 / 2025-10-22

LinusU avatar Oct 22 '25 19:10 LinusU