npm package
react-dev-utils
pkg:npm/react-dev-utils
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-24033 | — | >= 0.4.0, < 11.0.4 | 11.0.4 | Mar 9, 2021 | react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this functio | ||
| CVE-2018-6342 | — | >= 1.0.0, < 1.0.4 | 1.0.4 | Dec 31, 2018 | react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF |
- CVE-2021-24033Mar 9, 2021affected >= 0.4.0, < 11.0.4fixed 11.0.4
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this functio
- CVE-2018-6342Dec 31, 2018affected >= 1.0.0, < 1.0.4fixed 1.0.4
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF