npm package
react
pkg:npm/react
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2024-2929Malicious code in react (npm)Jun 25, 2024
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-7035 | med | — | >= 0.4.0, < 0.4.2 | 0.4.2 | Sep 4, 2020 | Affected versions of `react` are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input. ## Recommendation If you are using `reac |
- affected >= 0.4.0, < 0.4.2fixed 0.4.2
Affected versions of `react` are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input. ## Recommendation If you are using `reac