Kyivstarteam

**Name of the Vulnerable Software and Affected Versions** kyivstarteam react-native-sms-user-consent versions 1.1.4 and earlier **Description** A critical issue has been found in the affected software, specifically in the function `registerReceiver` of the file `android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt`. This issue leads to improper export of Android application components. It requires a local attack to be exploited. **Recommendations** To address this issue, upgrade to version 1.1.5. As a temporary workaround, consider disabling the `registerReceiver` function until the patch is applied. Restrict access to the `SmsUserConsentModule.kt` file to minimize the risk of exploitation.