Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/549275?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/549275?format=api", "purl": "pkg:npm/cordova-plugin-fingerprint-aio@1.3.6", "type": "npm", "namespace": "", "name": "cordova-plugin-fingerprint-aio", "version": "1.3.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.0.1", "latest_non_vulnerable_version": "5.0.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41930?format=api", "vulnerability_id": "VCID-8wxk-d7m5-jffj", "summary": "Reachable Assertion\ncordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data, which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using an event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio does not export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. 
Please upgrade to version 5.0.1 as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22418", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22414", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22464", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22513", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22441", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43849" }, { "reference_url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio" }, { "reference_url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df" }, { "reference_url": 
"https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/discussions/394", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/discussions/394" }, { "reference_url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43849", "reference_id": "CVE-2021-43849", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43849" }, { "reference_url": "https://github.com/advisories/GHSA-7vfx-hfvm-rhr8", "reference_id": "GHSA-7vfx-hfvm-rhr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vfx-hfvm-rhr8" }, { "reference_url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8", "reference_id": "GHSA-7vfx-hfvm-rhr8", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59908?format=api", "purl": "pkg:npm/cordova-plugin-fingerprint-aio@5.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cordova-plugin-fingerprint-aio@5.0.1" } ], "aliases": [ "CVE-2021-43849", "GHSA-7vfx-hfvm-rhr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wxk-d7m5-jffj" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cordova-plugin-fingerprint-aio@1.3.6" }