4 matches found

Veracode
added 2022/08/16 7:53 a.m. | 26 views

Remote Code Execution

react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in the onSubmitValueParser prop, which calls the parse function in src/utils/parse.js, because of missing sanitization of the parse parameters, which allows a remote attacker to inject and execute malicious code into th...

CVSS: 10 | AI score: 9.2 | EPSS: 0.01209
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2022/08/15 6:30 p.m. | 5 views

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

CVSS: 10 | AI score: 9.4 | EPSS: 0.01209
Exploits: 1 | References: 2
Cvelist
added 2022/08/15 6:30 p.m. | 35 views

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

CVSS: 10 | AI score: 9.5 | EPSS: 0.01209
Exploits: 1 | References: 2
CNNVD
added 2022/08/15 12:0 a.m. | 4 views

React Editable Json Tree Security Vulnerability

React Editable Json Tree is a library by the individual developer Havrileck Alexandre. A security vulnerability exists in React Editable Json Tree versions prior to 2.2.2, which stems from the ability to parse and execute arbitrary code via the eval function...

CVSS: 10 | AI score: 8.8 | EPSS: 0.01209
Exploits: 1 | References: 3