cordova-plugin-fingerprint-aio@4.0.2 vulnerabilities

Cordova plugin to use fingerprint authentication on Android and iOS

  • latest version

    6.0.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    8 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the cordova-plugin-fingerprint-aio package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Denial of Service (DoS)

    cordova-plugin-fingerprint-aio is a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS.

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the exported activity de.niklasmerz.cordova.biometric.BiometricActivity. This occurs because the activity does not handle to be requested with invalid or empty data which results in crashing the app's user. Any third party app can constantly call this activity with no permission. If a malicious app constantly send the malicious intent, the app using this plugin will never work.

    How to fix Denial of Service (DoS)?

    Upgrade cordova-plugin-fingerprint-aio to version 5.0.1 or higher.

    <5.0.1