Lucene search
K

22 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-14802

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-14802

CVE-2026-14802 affects react-create-app releases up to 5.0.1 on macOS, targeting the startBrowserProcess function in openBrowser.js within react-dev-utils. The root cause is an input manipulation that enables OS command injection, with remote exploitation described as possible and the exploit pub...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41815

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS5.7AI score0.01324EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0169

Malware in sbrugna...

10CVSS9.2AI score0.02845EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0612

Malware in sbrugna...

6.8CVSS6.4AI score0.03289EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2021/03/11 10:26 p.m.8 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5681 more potentially affected by CVE-2021-24033 via react-dev-utils (>=0.4.0 <=11.0.3)

react-dev-utils NPM version =0.4.0, =1.0.1, =0.1.0, =0.1.2, =1.0.3, =0.1.0, =0.1.21, =1.0.0, =0.1.0, =2.0.5, =2.2.0 and more Source cves: CVE-2021-24033 Source advisory: OSV:GHSA-5Q6M-3H65-W53X...

6.8CVSS6.1AI score0.03289EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/03/11 10:26 p.m.79 views

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS3.2AI score0.03289EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/03/11 10:26 p.m.2 views

GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

5.6CVSS7AI score0.03289EPSS
Exploits1References6
Veracode
Veracode
added 2021/03/10 6:6 a.m.36 views

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of childprocess.execFileSync in the function getProcessIdOnPort...

5.6CVSS6.3AI score0.03289EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2021/03/09 9:3 a.m.37 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS3.2AI score0.03289EPSS
Exploits1References5
NVD
NVD
added 2021/03/09 1:15 a.m.55 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS0.03289EPSS
Exploits1References2
OSV
OSV
added 2021/03/09 1:15 a.m.7 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

5.6CVSS7AI score0.03289EPSS
Exploits1References2
Prion
Prion
added 2021/03/09 1:15 a.m.31 views

Command injection

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS5.8AI score0.03289EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/09 12:25 a.m.63 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.5AI score0.03289EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2019/01/04 5:41 p.m.36 views

react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

10CVSS5.6AI score0.02845EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2019/01/04 5:41 p.m.7 views

@enact/cli (>=0.9.6 <=0.9.8), abt.api.web (=0.0.3) +26 more potentially affected by CVE-2018-6342 via react-dev-utils (>=3.0.0 <=3.1.1)

react-dev-utils NPM version =3.0.0, =0.9.6, =4.2.0, =1.5.1, =0.15.0, =0.7.0, =0.7.0, =0.1.0, =0.1.4, =1.9.2, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...

10CVSS7.2AI score0.02845EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/01/04 5:41 p.m.6 views

@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)

react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...

10CVSS7.2AI score0.02845EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/01/04 5:41 p.m.13 views

@1337lawyers/design (>=0.1.0 <=0.1.38), @9188/w-cli (>=1.0.0 <=1.0.4) +50 more potentially affected by CVE-2018-6342 via react-dev-utils (>=5.0.0 <=5.0.1)

react-dev-utils NPM version =5.0.0, =0.1.0, =1.0.0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.5, =1.0.0-beta.28, =1.0.1, =1.0.0, =1.0.0, =0.26.4, =0.0.0-legacy, =3.10.0-beta.0, =0.1.0-alpha.0, =2.1.16, =2.3.5 - aqxy-common-ui =0.0.1 and more Source cves: CVE-2018-6342 Source advisory:...

10CVSS7.2AI score0.02845EPSS
Exploits0
OSV
OSV
added 2019/01/04 5:41 p.m.3 views

GHSA-29GP-92WP-94Q8 react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

10CVSS6.1AI score0.02845EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2018/12/31 10:0 p.m.8 views

CVE-2018-6342

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server either via CSRF or by direct reque...

9.8AI score0.02845EPSS
Exploits0References2
Rows per page
Query Builder