Facebook react-dev-utils 1.0.16

CPE Details

Facebook react-dev-utils 1.0.16
facebook
react-dev-utils
1.0.16
2021-03-23
19h42 +00:00
2021-03-23
19h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:facebook:react-dev-utils:1.0.16:*:*:*:*:*:*:*

Informations

Vendor

facebook

Product

react-dev-utils

Version

1.0.16

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-24033 2021-03-08 23h25 +00:00 react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
5.6
Moyen