Skip to main content

React Dev Utils

2 CVEs product

Monthly

CVE-2021-24033 npm MEDIUM POC PATCH This Month

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection React Dev Utils
NVD GitHub
CVSS 3.1
5.6
EPSS
3.3%
CVE-2018-6342 npm CRITICAL PATCH Act Now

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Command Injection React Dev Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
EPSS 3% CVSS 5.6
MEDIUM POC PATCH This Month

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection React Dev Utils
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Command Injection +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy