VYPR
Moderate severityNVD Advisory· Published Dec 31, 2018· Updated May 6, 2025

CVE-2018-6341

CVE-2018-6341

Description

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
react-domnpm
>= 16.0.0, < 16.0.116.0.1
react-domnpm
>= 16.1.0, < 16.1.216.1.2
react-domnpm
>= 16.2.0, < 16.2.116.2.1
react-domnpm
>= 16.3.0, < 16.3.316.3.3
react-domnpm
>= 16.4.0, < 16.4.216.4.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.