Filtered by vendor Expo
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28131 | 1 Expo | 1 Expo Software Development Kit | 2024-11-21 | N/A | 9.6 CRITICAL |
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc). | |||||
CVE-2020-24653 | 1 Expo | 1 Expo | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. |