https://vulnerability.circl.lu/sightings/feed 2026-06-04T11:13:40.981077+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/25c85984-315b-475f-9d5f-48928a3d9ac5/export 2026-06-04T11:13:41.447838+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "25c85984-315b-475f-9d5f-48928a3d9ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43849", "type": "seen", "source": "https://t.me/cibsecurity/34575", "content": "\u203c CVE-2021-43849 \u203c\n\ncordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T20:21:17.000000Z"} 2021-12-23T20:21:17+00:00