4876 matches found
MAL-2022-5685 Malicious code in reactaddonscsstransitiong5rop (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03d7beac15790fc32919e89f105f8e97dcebb29e228dae55f576ab5b0cb153b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1435 Malicious code in babelpugintransformreactjsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c5382dcc5be3a730f882330e09a06e62a180f32a8cb289d9f1dcd438ca6e2d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in babelplugintransfomreactremoveproptypes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 118d5e800455cde3fd9da5c424f41242c449f5bdb4665b9f989cffe0d63e215c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in babelpugintransformreactjsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c5382dcc5be3a730f882330e09a06e62a180f32a8cb289d9f1dcd438ca6e2d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Remote Code Execution
react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in the onSubmitValueParser prop, which calls the parse function in src/utils/parse.js, because of missing sanitization of the parse parameters, which allows a remote attacker to inject and execute malicious code into th...
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function is used to execute strings that begin with "function" as JavaScript. This unfortunately could allow arbitrary code to be executed if it exists as ...
React Editable Json Tree Security Vulnerability
React Editable Json Tree is a library by the individual developer Havrileck Alexandre. A security vulnerability exists in React Editable Json Tree versions prior to 2.2.2, which stems from the ability to parse and execute arbitrary code via the eval function...
PT-2022-23110 · Unknown · React-Editable-Json-Tree
Name of the Vulnerable Software and Affected Versions: react-editable-json-tree versions =3.0.0, no...
Malicious Package
Overview stripe-identity-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview @uc-maps/provider-google.react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in react_popper_old (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e281af61adcbe405037f7cac58495892a35fb0370322dbe5db6b15825d8ce18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:RUSTSEC-2022-0088...
Malicious Package
Overview react-server-dom-vite is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Prototype Pollution
react-navigation is vulnerable to prototype pollution. A malicious input can be parsed and decoded as it does not prevent the properties such as "__proto__" to pollute the global object prototype...
@alloyify/anvil (>=1.1.2 <=1.1.4), @alloyify/devkit (>=1.1.2 <=1.1.4) +12 more potentially affected by CVE-2022-25907 via ts-deepmerge (=2.0.1)
ts-deepmerge NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ts-deepmerge and may be impacted: - @alloyify/anvil =1.1.2, =1.1.2, =1.1.2, =1.1.2, =0.0.0-canary-20220330074435, =0.0.0-canary-20220330074435, =5.0.24, =11.1.27, =4.0.22,...
Malicious code in fk-react-lottie-player (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33691a695b98097014a383d3aaf0e290cf4b6c6793c824ab4324aebe7ea66e3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5331 Malicious code in pidl-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c44ef20dff714fe4e975abeb339f64d0becb0baca615a0c0b9b8eb14fe35d418 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pidl-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c44ef20dff714fe4e975abeb339f64d0becb0baca615a0c0b9b8eb14fe35d418 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7410 Malicious code in zohocomponents-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02306ea3563fd27b7738a5f7bbdf6a9f47659e2c1304067934fe7b49e0975410 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...