Vulnerability	Vulnerable Version
M Denial of Service (DoS) cordova-plugin-fingerprint-aio is a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. Affected versions of this package are vulnerable to Denial of Service (DoS) via the exported activity `de.niklasmerz.cordova.biometric.BiometricActivity`. This occurs because the activity does not handle to be requested with invalid or empty data which results in crashing the app's user. Any third party app can constantly call this activity with no permission. If a malicious app constantly send the malicious intent, the app using this plugin will never work. How to fix Denial of Service (DoS)? Upgrade `cordova-plugin-fingerprint-aio` to version 5.0.1 or higher.	<5.0.1

Denial of Service (DoS)

cordova-plugin-fingerprint-aio is a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the exported activity de.niklasmerz.cordova.biometric.BiometricActivity. This occurs because the activity does not handle to be requested with invalid or empty data which results in crashing the app's user. Any third party app can constantly call this activity with no permission. If a malicious app constantly send the malicious intent, the app using this plugin will never work.

How to fix Denial of Service (DoS)?

Upgrade cordova-plugin-fingerprint-aio to version 5.0.1 or higher.

<5.0.1

Go back to all versions of this package