28 matches found
CVE-2026-14802
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
CVE-2026-14802
CVE-2026-14802 affects react-create-app releases up to 5.0.1 on macOS, targeting the startBrowserProcess function in openBrowser.js within react-dev-utils. The root cause is an input manipulation that enables OS command injection, with remote exploitation described as possible and the exploit pub...
EUVD-2026-41815
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
EUVD-2019-0169
Malware in sbrugna...
EUVD-2021-0612
Malware in sbrugna...
MAL-2025-1696 Malicious code in @optimystic99/dev-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rec3t-dev-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5713 Malicious code in rec3t-dev-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
db-systray (>=0.1.0 <=0.1.2), dbm-systray (>=0.1.3 <=0.2.0) +6 more potentially affected by CVE-2021-23404 via sqlite-web (>=0.6.8 <=0.7.2)
sqlite-web PYPI version =0.6.8, =0.1.0, =0.1.3, =0.0.2, =0.0.2, =0.0.1, =0.2.1, =0.1.8, =0.2.6 Source cves: CVE-2021-23404 Source advisory: SNYK:PYTHON-SQLITEWEB-1316324...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5681 more potentially affected by CVE-2021-24033 via react-dev-utils (>=0.4.0 <=11.0.3)
react-dev-utils NPM version =0.4.0, =1.0.1, =0.1.0, =0.1.2, =1.0.3, =0.1.0, =0.1.21, =1.0.0, =0.1.0, =2.0.5, =2.2.0 and more Source cves: CVE-2021-24033 Source advisory: OSV:GHSA-5Q6M-3H65-W53X...
react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
OS Command Injection
react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of childprocess.execFileSync in the function getProcessIdOnPort...
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
Command injection
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
CVE-2021-24033
CVE-2021-24033 affects react-dev-utils prior to v11.0.4, where the function getProcessForPort concatenates an input argument into a shell command. The issue is only exploitable if this function is called with user-supplied input (i.e., via custom code); using it from react-scripts (as in Create R...
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...