CVE-2021-4438

Name of the Vulnerable Software and Affected Versions kyivstarteam react-native-sms-user-consent versions 1.1.4 and earlier

Description A critical issue has been found in the affected software, specifically in the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. This issue leads to improper export of Android application components. It requires a local attack to be exploited.

Recommendations To address this issue, upgrade to version 1.1.5. As a temporary workaround, consider disabling the registerReceiver function until the patch is applied. Restrict access to the SmsUserConsentModule.kt file to minimize the risk of exploitation.