React Native Document Picker Directory Traversal vulnerability

Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

GHSA-PMGM-H3CC-M4HJ React Native Document Picker Directory Traversal vulnerability

Directory Traversal vulnerability in React Native Document Picker before 8.2.2 and 9.x before 9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

@armiasystems/react-native-armia-chat-sdk (>=1.0.8 <=1.0.9), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +42 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=2.3.0 <=8.2.0)

react-native-document-picker NPM version =2.3.0, =1.0.8, =1.0.1, =0.64.1-beta.46, =0.5.0, =0.0.8, =0.0.14, =0.0.186, =0.0.5, =2.46.0, =1.0.0, =0.0.24, =0.0.1, =1.1.12 - abc123efgh =1.0.0 and more Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...

@icanbwell/composite (>=1.89.4 <=1.202.0), @icanbwell/native-components (>=0.21.6 <=0.31.0) +4 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=9.0.1 <=9.1.0)

react-native-document-picker NPM version =9.0.1, =1.89.4, =0.21.6, =0.14.5, =1.1.0, =1.8.0 - @likeminds.community/feed-rn-core =0.6.0 - @likeminds.community/feed-rn-core-beta =0.0.1 Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

Directory traversal

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

PT-2024-20960 · Unknown · React Native Document Picker

Name of the Vulnerable Software and Affected Versions: React Native Document Picker versions prior to 9.1.1 React Native Document Picker version 8.2.2 and earlier Description: A Directory Traversal issue allows a local attacker to execute arbitrary code via a crafted script to the Android library...

CVE-2024-25466

CVE-2024-25466 is a directory traversal vulnerability in React Native Document Picker affecting versions prior to 9.1.1 . The root cause is an Android library component that processes crafted scripts, allowing a local attacker to execute arbitrary code. The vulnerability is fixed in version 9.1.1...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...

React Native Security Vulnerabilities

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A security vulnerability exists in React Native Document Picker versions prior to v.9.1.1, which stems from a path traversal vulnerability in the component Android library...

Malicious code in @ebay/ui-core-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11187eb0b4555fd35f9cdebe15c9eedc700e017d094738488a06893e8c47ef85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1006 Malicious code in @ebay/ui-core-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11187eb0b4555fd35f9cdebe15c9eedc700e017d094738488a06893e8c47ef85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

007-nodejs (>=2.5.0 <=2.5.3), 10by10-react-app (=1.2.1) +5573 more potentially affected by CVE-2023-42282 via ip (>=0.0.1 <=1.1.8)

ip NPM version =0.0.1, =2.5.0, =1.0.0, =4.11.0, =1.0.1-5.4, =3.16.2, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =3.0.0-beta.22, =3.16.10 and more Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

PT-2024-20448 · Npm · @Tanstack/React-Query-Next-Experimental

Name of the Vulnerable Software and Affected Versions: @tanstack/react-query-next-experimental versions prior to 5.18.0 Description: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either...

React Dashboard Security Vulnerability

React Dashboard is a template. A security vulnerability exists in React Dashboard version 1.4.0, which stems from unset httpOnly and is vulnerable to cross-site scripting attacks...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

CVE-2023-51843

Summary: CVE-2023-51843 affects the React Dashboard package. Vulnerability: Cross Site Scripting (XSS) arising because the httpOnly flag is not set on cookies. Affected software: react-dashboard 1.4.0. Root cause (as stated): httpOnly is not set, enabling potential exposure of cookie data. Impact...