Vulnerabilities (CVE)

Filtered by vendor Expo Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28131 1 Expo 1 Expo Software Development Kit 2023-12-10 N/A 9.6 CRITICAL
A vulnerability in the framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
CVE-2020-24653 1 Expo 1 Expo 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.