4 matches found
Remote Code Execution
react-editable-json-tree is vulnerable to remote code execution.The vulnerability exists in onSubmitValueParser prop which calls parse function in src/utils/parse.js because of missing sanitization of the parse parameters which allows a remote attacker to inject and execute malicious code into th...
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...
PT-2022-23110 · Unknown · React-Editable-Json-Tree
Name of the Vulnerable Software and Affected Versions: react-editable-json-tree versions =3.0.0, no...