ajith-ab/react-native-receive-sharing-intent

ajith-ab/react-native-receive-sharing-intent

Releases1
Last Release
Stars350
A React Native plugin that enables React Native apps to receive sharing photos, videos, text, urls or any other file types from another app

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
7.7 HIGH

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attackers can fire an explicit ACTION_SEND intent at the consuming app's exported share-receiver activity to overwrite arbitrary files in the consuming app's private data directory, including databases, shared preferences, and cached configuration, with attacker-controlled content.