-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from the iOS security attribute mapping in EXSecureStore.m. The commit diff shows a line change where WHEN_UNLOCKED_THIS_DEVICE_ONLY was incorrectly using the 'Always' accessibility policy instead of 'WhenUnlocked'. This function directly controls the security attributes applied to stored data, making it the clear vulnerability source. The high confidence comes from explicit evidence in the commit showing the incorrect kSecAttrAccessibleAlwaysThisDeviceOnly being replaced with the correct attribute in this specific function.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| expo | npm | < 9.1.0 | 9.1.0 |
JavaScriptJavaScriptOngoing coverage of React2Shell