Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

com.google.android.recaptcha:recaptcha:18.1.2 security warning #866

Open
kikino1989 opened this issue Feb 5, 2024 · 9 comments
Open

com.google.android.recaptcha:recaptcha:18.1.2 security warning #866

kikino1989 opened this issue Feb 5, 2024 · 9 comments

Comments

@kikino1989
Copy link

We are getting the following security warning regarding the reCAPTCHA Enterprice for Mobile SDK:

_This SDK version has a note from the SDK developer. Here's what the SDK developer told us:

A critical security vulnerability was discovered in reCAPTCHA Enterprise for Mobile. The vulnerability has been patched in the latest SDK release. Customers will need to update their Android application with the reCAPTCHA Enterprise for Mobile SDK, version 18.4.0 or above. We strongly recommend you update to the latest version as soon as possible._

As far as we have been able to find, the only references to that SDK are in the cordvoa-plugin-firebasex plugin.

Great job on this plugin, keep it up.

Environment information
Ionic:

Ionic CLI : 7.1.1 (/usr/local/lib/node_modules/@ionic/cli)
Ionic Framework : @ionic/angular 5.9.4
@angular-devkit/build-angular : 12.2.18
@angular-devkit/schematics : 12.2.18
@angular/cli : 12.2.18
@ionic/angular-toolkit : 5.0.3

Cordova:

Cordova CLI : 11.1.0
Cordova Platforms : android 12.0.1, browser 6.0.0, ios 7.0.1, windows 7.0.1 (deprecated)
Cordova Plugins : cordova-plugin-ionic-webview 5.0.0, (and 22 other plugins)

Utility:

cordova-res : 0.15.4
native-run : 2.0.1

System:

ios-deploy : 1.11.4
ios-sim : 8.0.2
NodeJS : v16.16.0 (/usr/local/bin/node)
npm : 10.2.3
OS : macOS Unknown
Xcode : Xcode 15.2 Build version 15C500b
@anuskaoo
Copy link

anuskaoo commented Feb 8, 2024

I have the same problem. I have read that if you add the line to the bundle.gradle:
implementation ‘com.google.android.recaptcha:recaptcha:18.4.0’
It is solved but when I compile, that line disappears so the problem continues. I don't use firebase authentication or recaptcha.
Can you help me, please. Thanks

@TheNotorius0
Copy link

Well, that's just a warning, so when the plugin will update to the latest SDK it should disappear, I guess.

@OliverJacobRE
Copy link

Was this issue ever resolved?

Where exactly in this plugin is the reCaptcha enterprise referenced?

@TheNotorius0
Copy link

The issue has been resolved already. It can be closed.

I think reCaptcha isn't present in the plugin, but it was available from the SDK.

@OliverJacobRE
Copy link

@TheNotorius0 do you know what version of this plugin it was resolved in?

@TheNotorius0
Copy link

@TheNotorius0 do you know what version of this plugin it was resolved in?

Honestly, I don't know. If you read the Changelogs, I think you can manage to discover it. Try to find the releases in which the SDK version has been updated.

@codeeshop-oc
Copy link

Updating to latest version packages fixes the issues ( package.json file )

{
"ANDROID_PLAY_SERVICES_TAGMANAGER_VERSION": "18.1.0",
"ANDROID_PLAY_SERVICES_AUTH_VERSION": "21.2.0",
"ANDROID_FIREBASE_ANALYTICS_VERSION": "22.0.2",
"ANDROID_FIREBASE_MESSAGING_VERSION": "24.0.0",
"ANDROID_FIREBASE_CONFIG_VERSION": "22.0.0",
"ANDROID_FIREBASE_PERF_VERSION": "21.0.1",
"ANDROID_FIREBASE_AUTH_VERSION": "23.0.0",
"ANDROID_FIREBASE_INAPPMESSAGING_VERSION": "21.0.0",
"ANDROID_FIREBASE_FIRESTORE_VERSION": "25.0.0",
"ANDROID_FIREBASE_FUNCTIONS_VERSION": "21.0.0",
"ANDROID_FIREBASE_IID_VERSION": "21.1.0",
"ANDROID_FIREBASE_INSTALLATIONS_VERSION": "18.0.0",
"ANDROID_FIREBASE_CRASHLYTICS_VERSION": "19.0.3",
"ANDROID_FIREBASE_CRASHLYTICS_NDK_VERSION": "19.0.3",
"ANDROID_GSON_VERSION": "2.11.0",
"ANDROID_FIREBASE_PERF_GRADLE_PLUGIN_VERSION": "1.4.2",
"ANDROID_GRPC_OKHTTP": "1.46.0"
}

Screenshot from 2024-07-20 19-32-23

@franfr57
Copy link

Updating to latest version packages fixes the issues ( package.json file )

{ "ANDROID_PLAY_SERVICES_TAGMANAGER_VERSION": "18.1.0", "ANDROID_PLAY_SERVICES_AUTH_VERSION": "21.2.0", "ANDROID_FIREBASE_ANALYTICS_VERSION": "22.0.2", "ANDROID_FIREBASE_MESSAGING_VERSION": "24.0.0", "ANDROID_FIREBASE_CONFIG_VERSION": "22.0.0", "ANDROID_FIREBASE_PERF_VERSION": "21.0.1", "ANDROID_FIREBASE_AUTH_VERSION": "23.0.0", "ANDROID_FIREBASE_INAPPMESSAGING_VERSION": "21.0.0", "ANDROID_FIREBASE_FIRESTORE_VERSION": "25.0.0", "ANDROID_FIREBASE_FUNCTIONS_VERSION": "21.0.0", "ANDROID_FIREBASE_IID_VERSION": "21.1.0", "ANDROID_FIREBASE_INSTALLATIONS_VERSION": "18.0.0", "ANDROID_FIREBASE_CRASHLYTICS_VERSION": "19.0.3", "ANDROID_FIREBASE_CRASHLYTICS_NDK_VERSION": "19.0.3", "ANDROID_GSON_VERSION": "2.11.0", "ANDROID_FIREBASE_PERF_GRADLE_PLUGIN_VERSION": "1.4.2", "ANDROID_GRPC_OKHTTP": "1.46.0" }

Screenshot from 2024-07-20 19-32-23

I put the lines in the package.json file.
I then made a cordova prepared.
Google play console always gives me the warning "com.google.android.recaptcha:recaptch"

Is there anything more to do?

@EMI-INDO
Copy link

EMI-INDO commented Nov 6, 2024

Fix cordova plugin add cordova-plugin-captcha --save --variable CAPTCHA_VERSION=18.4.0

https://www.npmjs.com/package/cordova-plugin-captcha

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@kikino1989 @TheNotorius0 @codeeshop-oc @franfr57 @anuskaoo @EMI-INDO @OliverJacobRE