CVE-2018-6342 – react-dev-utils

Package

Manager: npm
Name: react-dev-utils
Vulnerable Version: >=1.0.0 <1.0.4 || >=2.0.0 <2.0.2 || >=3.0.0 <3.1.2 || >=4.0.0 <4.2.2 || >=5.0.0 <5.0.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00794 pctl0.73082

Details

react-dev-utils on Windows vulnerable to Remote Code Execution `react-dev-utils` on Windows is vulnerable to remote code execution. ## Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c

Metadata

Created: 2019-01-04T17:41:20Z
Modified: 2022-08-03T19:36:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-29gp-92wp-94q8/GHSA-29gp-92wp-94q8.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-29gp-92wp-94q8
Finding: F004
Auto approve: 1