CVE-2020-24653

Expo on iOS is insecure due incorrect security attribute application in npm/expo

Identifiers

GHSA-rwx9-wqj8-vr77, CVE-2020-24653

Package Slug

npm/expo

Vulnerability

Expo on iOS is insecure due incorrect security attribute application

Description

secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHENUNLOCKEDTHISDEVICEONLY is used.

Affected Versions

All versions before 9.1.0

Solution

Upgrade to version 9.1.0 or above.

Last Modified

2022-09-19

source