Description:

Hello,

I want to report a potential security vulnerability in the example app of this library. The issue arises due to the inclusion of OpenSSL-Universal version 1.1.1100 in the file Podfile.lock of the iOS example project.

Details:

node_modules/react-native-qrcode-svg/Example/ios/Podfile.lock
pkg:cocoapods/[email protected] (Confidence: Highest)
cpe:2.3:a:openssl:openssl:1.1.1100:*:*:*:*:*:*:* (Confidence: Low)

Vulnerability Reference:

CVE-2021-3711: This version of OpenSSL is affected by a buffer overflow vulnerability related to SM2 decryption (classified as CWE-120: Classic Buffer Overflow).

Severity:

CVSSv2: High (7.5)
CVSSv3: Critical (9.8)

Recommended Action:

It is advisable to update the Podfile.lock in the example app to use a patched version of OpenSSL-Universal, ideally version 1.1.1l or later, as this vulnerability is fixed in those releases.

Notes:

While this issue might not directly impact users of the library (as it is in the example app), having vulnerable dependencies in any part of the project could be problematic.

Thank you for addressing this, and please let me know if more details are needed.