4876 matches found
Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly ha...
CVE-2021-37699
CVE-2021-37699 affects Next.js (open source framework for React). The vulnerability arises when pages/_error.js is statically generated in affected versions, enabling an open redirect to an attacker-controlled site. The issue is documented as open redirect in multiple sources (NVD/NVD-derived adv...
@2600hz/sds-react-native-components (>=0.1.0 <=1.8.1), @abdur-rakib/react-native-button (>=0.0.1 <=0.0.3) +625 more potentially affected by CVE-2020-1920 via react-native (>=0.63.0 <=0.64.0)
react-native NPM version =0.63.0, =0.1.0, =0.0.1, =0.1.0, =2.5.0, =0.0.1, =1.0.0, =1.0.1, =1.1.4, =1.0.0, =1.0.4, =1.0.3, =3.0.0, =1.2.1, =1.0.0, =1.0.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...
GHSA-7F53-FMMV-MFJV Regular expression denial of service in react-native
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...
@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +1206 more potentially affected by CVE-2020-1920 via react-native (>=0.59.0 <=0.62.2)
react-native NPM version =0.59.0, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =0.1.0, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...
Regular expression denial of service in react-native
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...
Cross-site Scripting (XSS)
react-bootstrap-table is vulnerable to cross-site scripting. Lack of sanitization of output from the function dangerouslySetInnerHTML allows an attacker to inject and execute malicious script in a user's browser via the dataFormat parameter when an invalid React element is returned...
CVE-2021-23398
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
CVE-2021-23398
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
Cross site scripting
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
CVE-2021-23398
CVE-2021-23398 affects the React Bootstrap Table package. The vulnerability arises from improper validation of user input in the dataFormat parameter, triggering dangerouslySetInnerHTML when an invalid React element is returned, leading to a cross-site scripting (XSS) risk. Public documents descr...
CVE-2021-23398 Cross-site Scripting (XSS)
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
CVE-2021-23398
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
react-bootstrap-table cross-site scripting vulnerability
react-bootstrap-table is a package. It is a Bootstrap table built using React.js. A cross-site scripting vulnerability exists in package react-bootstrap-table, which stems from an issue that is triggered when an invalid React element is returned, resulting in the use of dangerouslySetInnerHTML,...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +13877 more potentially affected by CVE-2021-29060 via color-string (>=0.1.3 <=1.5.3)
color-string NPM version =0.1.3, =1.0.0, =1.0.4, =3.1.4, =5.0.0, =3.1.6, =0.0.1, =1.0.2, =2.0.0, =2.0.4 and more Source cves: CVE-2021-29060 Source advisory: OSV:GHSA-257V-VJ4P-3W2H...
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
Design/Logic Flaw
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2020-1920
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...