Malicious code in react-dom-16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8666 Malicious code in react-dom-16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d4cfe9e9636852d3f77e9d66db174963751bf0c61eb2364bbee74ddff0b84c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-dom17 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview react-dom-router-old is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious code in isomsorphic-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5cb42b8400c90362f3b20685e648e98824dfcbfb667b1af00eba3754bdd507 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3969 Malicious code in isomsorphic-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5cb42b8400c90362f3b20685e648e98824dfcbfb667b1af00eba3754bdd507 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vendor-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63a0b5099ec6bd274fd7bf4c2d20f7862fa2c1352b283b43f8a1f63a79b0ce38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6903 Malicious code in vendor-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63a0b5099ec6bd274fd7bf4c2d20f7862fa2c1352b283b43f8a1f63a79b0ce38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dom-is (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a992e0b69df1d0c12f913e0477532f0900953868530bc27dc69063307359e8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5641 Malicious code in react-dom-is (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a992e0b69df1d0c12f913e0477532f0900953868530bc27dc69063307359e8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dom-router-compatibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4efc1e3fc09e8efb01c5a4b15ee2c17ecab84adb02bd7641fdb76916584aee0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dom-router-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 982577f3dd90dc874a760dcdc2288ddccc947f0a8410d5ab383e2350556ca1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5643 Malicious code in react-dom-router-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 982577f3dd90dc874a760dcdc2288ddccc947f0a8410d5ab383e2350556ca1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cross-Site Scripting

Overview Affected versions of react-dom are vulnerable to Cross-Site Scripting XSS. The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be...

@belong-ui/button (>=0.0.1 <=0.1.4), @belong-ui/checkbox (>=0.0.10 <=0.1.4) +135 more potentially affected by CVE-2018-6341 via react-dom (=16.0.0)

react-dom NPM version =16.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @belong-ui/button =0.0.1, =0.0.10, =0.0.4, =0.0.6, =0.1.3, =0.0.5, =0.1.1, =0.0.12, =0.0.11, =0.0.7, =0.1.3, =0.0.1, =1.2.7, =1.2.7, =1.2.7,...

@anujboddu/searchbar (>=2.0.0 <=2.1.1), @dlghq/dialog-components (>=0.146.0 <=0.149.7) +42 more potentially affected by CVE-2018-6341 via react-dom (>=16.1.0 <=16.1.1)

react-dom NPM version =16.1.0, =2.0.0, =0.146.0, =4.0.1, =0.0.7, =1.0.0, =1.0.0, =1.1.0, =1.3.9, =1.1.10, =1.0.6, =0.0.12, =0.1.0, =3.6.3, =3.7.4 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...

@activelylearn/react-pdf (=2.5.2), @aglet/components (>=1.3.3 <=2.0.1) +330 more potentially affected by CVE-2018-6341 via react-dom (=16.2.0)

react-dom NPM version =16.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @activelylearn/react-pdf =2.5.2 - @aglet/components =1.3.3, =0.1.1-alpha.0, =1.0.5, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =3.0.4,...

@amory/patch-gatsby (>=2018.4.29-8 <=2018.5.11-5), @amory/patches (>=2018.5.11-6 <=2018.5.23-7) +226 more potentially affected by CVE-2018-6341 via react-dom (>=16.3.0 <=16.3.2)

react-dom NPM version =16.3.0, =2018.4.29-8, =2018.5.11-6, =2.0.0-rc.2, =0.0.5, =0.0.1, =1.9.1, =1.3.2, =1.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.3.2, =1.1.0, =1.1.3 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...

@akiolabs/analytics (>=0.0.3 <=0.0.4), @akiolabs/app (>=0.0.2 <=0.0.4) +221 more potentially affected by CVE-2018-6341 via react-dom (>=16.4.0 <=16.4.1)

react-dom NPM version =16.4.0, =0.0.3, =0.0.2, =0.0.1, =2018.5.24-0, =2018.6.17-2, =2018.7.11-0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.0-beta.0, =0.0.2, =0.0.22-alpha.1, =1.1.0, =1.0.0, =1.6.1 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...

GHSA-MVJJ-GQQ2-P4HW Cross-Site Scripting in react-dom

Affected versions of react-dom are vulnerable to Cross-Site Scripting XSS. The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...