cordova-plugin-fingerprint-aio@0.1.2 vulnerabilities

Cordova plugin to use fingerprint authentication on Android and iOS

Direct Vulnerabilities

Known vulnerabilities in the cordova-plugin-fingerprint-aio package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

cordova-plugin-fingerprint-aio is a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the exported activity de.niklasmerz.cordova.biometric.BiometricActivity. This occurs because the activity does not handle to be requested with invalid or empty data which results in crashing the app's user. Any third party app can constantly call this activity with no permission. If a malicious app constantly send the malicious intent, the app using this plugin will never work.

How to fix Denial of Service (DoS)?

Upgrade cordova-plugin-fingerprint-aio to version 5.0.1 or higher.

<5.0.1