PT-2021-23978 · Unknown · Cordova-Plugin-Fingerprint-Aio

0Xwise64 · Published 2021-12-23 · Updated 2023-11-02 · CVE-2021-43849

CVSS v3.1: 6.2 Medium
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: cordova-plugin-fingerprint-aio versions prior to 5.0.1
Description: The exported activity de.niklasmerz.cordova.biometric.BiometricActivity can crash the app when it is started with invalid or empty data. Any third-party app can call this activity repeatedly without holding any permission, and a third-party app or attacker using an event listener can keep stopping the app, leaving the victim unable to open it. The result is a denial of service (DoS) condition.
Recommendations: For versions prior to 5.0.1, change the attribute android:exported in plugin.xml to false to fix the issue. Upgrade to version 5.0.1 as soon as possible.
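
One way to verify the mitigation, as an added example that is not part of the advisory or the plugin's own code: the script below reads a plugin.xml or decoded AndroidManifest.xml and reports the android:exported state of BiometricActivity. The sample XML is constructed for illustration, and `exported_state` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
TARGET = "de.niklasmerz.cordova.biometric.BiometricActivity"

# Constructed sample: a plugin.xml fragment declaring the activity as exported.
SAMPLE_PLUGIN_XML = """<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0"
        xmlns:android="http://schemas.android.com/apk/res/android">
  <platform name="android">
    <config-file target="AndroidManifest.xml" parent="application">
      <activity android:name="de.niklasmerz.cordova.biometric.BiometricActivity"
                android:exported="true"/>
    </config-file>
  </platform>
</plugin>"""
# Constructed sample: the same fragment with the recommended setting.
SAMPLE_FIXED_XML = SAMPLE_PLUGIN_XML.replace(
    'android:exported="true"', 'android:exported="false"')


def _local(tag):
    """Strip any XML namespace so plugin.xml and manifests are handled alike."""
    return tag.rsplit("}", 1)[-1]


def exported_state(xml_text, activity=TARGET):
    """Return 'exported', 'not-exported' or 'absent' for the named activity."""
    root = ET.fromstring(xml_text)
    for node in root.iter():
        if _local(node.tag) != "activity":
            continue
        if node.get(f"{{{ANDROID_NS}}}name") != activity:
            continue
        flag = node.get(f"{{{ANDROID_NS}}}exported")
        if flag is not None:
            return "exported" if flag.strip().lower() == "true" else "not-exported"
        # No explicit attribute: an intent-filter makes the component exported
        # by default for apps that target API levels below Android 12.
        has_filter = any(_local(child.tag) == "intent-filter" for child in node)
        return "exported" if has_filter else "not-exported"
    return "absent"


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_PLUGIN_XML), ("fixed", SAMPLE_FIXED_XML)):
        print(label, exported_state(text))
```
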

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

CVE-2021-43849
GHSA-7VFX-HFVM-RHR8

Affected Products

Cordova-Plugin-Fingerprint-Aio