Merge pull request #5788 from github/ThomasWunderlich-GHSA-fj44-h6xw-896g

advisory-database[bot] · web-flow · commit f71630965d05 · 2025-07-02T19:46:09.000Z
diff --git a/advisories/unreviewed/2025/06/GHSA-fj44-h6xw-896g/GHSA-fj44-h6xw-896g.json b/advisories/unreviewed/2025/06/GHSA-fj44-h6xw-896g/GHSA-fj44-h6xw-896g.json
@@ -1,19 +1,37 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fj44-h6xw-896g",
-  "modified": "2025-06-09T21:30:50Z",
+  "modified": "2025-06-09T21:31:54Z",
   "published": "2025-06-09T18:32:16Z",
   "aliases": [
     "CVE-2025-45001"
   ],
-  "details": "react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.",
+  "summary": "react-native-keys sensitive information disclosure",
+  "details": "[react-native-keys ](https://github.com/numandev1/react-native-keys)0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "react-native-keys"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -26,6 +44,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/numandev1/react-native-keys"
     }
   ],
   "database_specific": {
