33 matches found
MAL-2024-11335 Malicious code in composed-react-app (npm)
Malicious code in preset-react-app (npm)
MAL-2024-2891 Malicious code in preset-react-app (npm)
Malicious code in ontology-starter-react-app (npm)
Source: ghsa-malware ed3602d6737a3861487c258043efce70d2c7fe3708e9dabb0805841c5fddf6d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1801 Malicious code in @plangrid-private/babel-preset-react-app (npm)
007-nodejs (>=2.5.0 <=2.5.3), 10by10-react-app (=1.2.1) +5578 more potentially affected by CVE-2023-42282 via ip (>=0.0.1 <=1.1.8)
ip NPM version =0.0.1, =2.5.0, =1.0.0, =4.11.0, =1.0.1-5.4, =3.16.2, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =3.0.0-beta.22, =3.16.10 and more Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...
01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +3839 more potentially affected by CVE-2022-24999 via qs (>=6.5.0 <=6.5.2)
qs NPM version =6.5.0, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =1.0.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =1.0.0, =12.1.0, =6.0.0, =7.12.0 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...
MAL-2022-5396 Malicious code in polaris-example-create-react-app (npm)
Source: ghsa-malware 8b09d3e19b74639bb4f35c359140d1a531e719d2e9b76e549ef67c8953446e25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in twilio-video-diagnostics-react-app (npm)
Source: ghsa-malware 08e0cb94930e12286826bda59c0308c3cda18c27f2727bff979b6c7d20276278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
Command injection
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
Command Injection in facebook/create-react-app
Description: react-dev-utils includes some utilities used by Create React App. The function getProcessForPort in react-dev-utils is vulnerable to command injection. PoC: Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created. var getProcessForPort =...
Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags, which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...