A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function
registerReceiver
of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components.
This vulnerability is handled as CVE-2021-4438. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.