Open SyedFaraz530 opened 3 years ago
Easiest way probably is use patch-package
, edit the line https://github.com/joltup/rn-fetch-blob/blob/v0.12.0/android/src/main/java/com/RNFetchBlob/RNFetchBlobUtils.java#L26 to
MessageDigest md = MessageDigest.getInstance("SHA-256");
@alpha0010 is this a valid way to resolve this vulnerability after replacing MD-5
to SHA-256
?
RNFetchBlobUtils.getMD5()
is used for generating temporary file names when using fileCache: true
. So, previously cached will no longer be used. The function name no longer makes sense (but it is only used internally). Other than that, everything should function the same.
Hi ! There is a one vulnerability found in RNFetchBlob through reverse engineering of android apk in Penetration Testing and it has a High Vulnerability so we have to must resolved this. so can anyone resolve or suggest me better way to pass this high vulnerability.