9 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in React (CVE-2018-6341)
Summary A vulnerability in React that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2018-6341 DESCRIPTION: React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack...
@belong-ui/button (>=0.0.1 <=0.1.4), @belong-ui/checkbox (>=0.0.10 <=0.1.4) +135 more potentially affected by CVE-2018-6341 via react-dom (=16.0.0)
react-dom NPM version =16.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @belong-ui/button =0.0.1, =0.0.10, =0.0.4, =0.0.6, =0.1.3, =0.0.5, =0.1.1, =0.0.12, =0.0.11, =0.0.7, =0.1.3, =0.0.1, =1.2.7, =1.2.7, =1.2.7,...
@anujboddu/searchbar (>=2.0.0 <=2.1.1), @dlghq/dialog-components (>=0.146.0 <=0.149.7) +42 more potentially affected by CVE-2018-6341 via react-dom (>=16.1.0 <=16.1.1)
react-dom NPM version =16.1.0, =2.0.0, =0.146.0, =4.0.1, =0.0.7, =1.0.0, =1.0.0, =1.1.0, =1.3.9, =1.1.10, =1.0.6, =0.0.12, =0.1.0, =3.6.3, =3.7.4 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@activelylearn/react-pdf (=2.5.2), @aglet/components (>=1.3.3 <=2.0.1) +330 more potentially affected by CVE-2018-6341 via react-dom (=16.2.0)
react-dom NPM version =16.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @activelylearn/react-pdf =2.5.2 - @aglet/components =1.3.3, =0.1.1-alpha.0, =1.0.5, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =3.0.4,...
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
CVE-2018-6341
CVE-2018-6341 (React/XSS) : The IBM bulletin confirms a vulnerability in React where rendering HTML via ReactDOMServer fails to escape user-supplied attribute names, enabling cross-site scripting. Affected versions are React 16.0.x through 16.4.x; the issue arises from improper validation/escapin...