Facebook react-dev-utils 4.0.3

CPE Details

Facebook react-dev-utils 4.0.3
facebook
react-dev-utils
4.0.3
2021-03-23
19h42 +00:00
2021-03-23
19h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:facebook:react-dev-utils:4.0.3:*:*:*:*:*:*:*

Informations

Vendor

facebook

Product

react-dev-utils

Version

4.0.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-24033 2021-03-08 23h25 +00:00 react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
5.6
Moyen
CVE-2018-6342 2018-12-31 21h00 +00:00 react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.
9.8
Critique