CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
React Developer Tools Security Vulnerability
Facebook React Developer Tools is a JavaScript library for building user interfaces from Facebook Inc. A security vulnerability exists in React Developer Tools version v4.27.8, which stems from an extension that registers a message listener in content scripts, where code within the listener does...
PT-2023-32240 · Facebook · React Developer Tools
Name of the Vulnerable Software and Affected Versions: React Developer Tools extension (affected versions not specified). Description: The React Developer Tools extension has a message listener registered with window.addEventListener('message', ...) in a content script accessible to any active webpage in...
MAL-2023-8373 Malicious code in @bitsoex/react-design-system (npm)
Source: ghsa-malware (2e89332fc8c2abca1b7c5a14da73534cf2f08bbedb6a61665dd691b87893e008). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-transcribe (npm)
Source: ossf-package-analysis (bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c). The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8321 Malicious code in react-native-transcribe (npm)
Source: ossf-package-analysis (bb4e6ce35475e387bd3dc85d83e20eeb1c4cd4ad8f4c8ccc7792928c87ddc18c). The OpenSSF Package Analysis project identified 'react-native-transcribe' @ 1.3.0 npm as malicious. It is considered malicious because: - The...
This Week in Spring - October 3rd, 2023
Hi Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I've just flown in from Singapore - where I was keynoting and presenting at SpringOne Singapore - and am now in Antwerp, Belgium for the deliriously fun Devoxx Belgium show. I've missed this show, and it's a...
Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS, and web assembly to manage file transfers. Key Links Download here See the user documentation to get...
Malicious code in react-fixtures (npm)
Source: ghsa-malware (313318cff861c45bde316c24fa07d680f6c59e74a77ae6e65c31fe66f54e2f9d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8259 Malicious code in react-fixtures (npm)
Source: ghsa-malware (313318cff861c45bde316c24fa07d680f6c59e74a77ae6e65c31fe66f54e2f9d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cm-react-components (npm)
Source: ghsa-malware (ac624ff32f672028e8dca14a6a9207e93af47cde418a00eec1b1a8dbcae0baae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8257 Malicious code in cm-react-components (npm)
Source: ghsa-malware (ac624ff32f672028e8dca14a6a9207e93af47cde418a00eec1b1a8dbcae0baae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zettle-bo/react-router-dom (npm)
Source: ghsa-malware (5d15f8bb2c4ca588ab243f077851d021201eb274122b32a38b91cc93d7d03d1c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zettle-bo/react (npm)
Source: ghsa-malware (b961ea11cf720196d00489b643e7085441ce41efe9d21ef3d77b4f24c1238ef3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zettle-bo/react-spa (npm)
Source: ghsa-malware (476ca9163b9976a64e9b1596fb739c8dc2c4725cd2f321d998e6da3cf072e3ae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8205 Malicious code in @zettle-bo/react-spa (npm)
Source: ghsa-malware (476ca9163b9976a64e9b1596fb739c8dc2c4725cd2f321d998e6da3cf072e3ae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8151 Malicious code in telia-front-react (npm)
Source: ghsa-malware (915e7468494f50f3f273a20457aa01b3aec6e0f5cae88024b0db7ec5246c32aa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in telia-front-react (npm)
Source: ghsa-malware (915e7468494f50f3f273a20457aa01b3aec6e0f5cae88024b0db7ec5246c32aa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in payment-react-component (npm)
Source: ossf-package-analysis (1be5313ebc025cf120f74736aba05ea6e53d94fb39c36b1097c2803a7f7d70de). The OpenSSF Package Analysis project identified 'payment-react-component' @ 1.5.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8107 Malicious code in payment-react-component (npm)
Source: ossf-package-analysis (1be5313ebc025cf120f74736aba05ea6e53d94fb39c36b1097c2803a7f7d70de). The OpenSSF Package Analysis project identified 'payment-react-component' @ 1.5.0 npm as malicious. It is considered malicious because: - The...