4914 matches found
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
Directory traversal
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
React Native Security Vulnerabilities
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A security vulnerability exists in React Native Document Picker versions prior to v.9.1.1, which stems from a path traversal vulnerability in the component Android library...
PT-2024-20960 · Unknown · React Native Document Picker
Name of the Vulnerable Software and Affected Versions: React Native Document Picker versions prior to 9.1.1; React Native Document Picker version 8.2.2 and earlier. Description: A Directory Traversal issue allows a local attacker to execute arbitrary code via a crafted script to the Android library...
CVE-2024-25466
CVE-2024-25466 is a directory traversal vulnerability in React Native Document Picker affecting versions prior to 9.1.1. The root cause is an Android library component that processes crafted scripts, allowing a local attacker to execute arbitrary code. The vulnerability is fixed in version 9.1.1...
Malicious code in @ebay/ui-core-react (npm)
Source: ghsa-malware 11187eb0b4555fd35f9cdebe15c9eedc700e017d094738488a06893e8c47ef85. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1006 Malicious code in @ebay/ui-core-react (npm)
Source: ghsa-malware 11187eb0b4555fd35f9cdebe15c9eedc700e017d094738488a06893e8c47ef85. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
007-nodejs (>=2.5.0 <=2.5.3), 10by10-react-app (=1.2.1) +5578 more potentially affected by CVE-2023-42282 via ip (>=0.0.1 <=1.1.8)
ip NPM version =0.0.1, =2.5.0, =1.0.0, =4.11.0, =1.0.1-5.4, =3.16.2, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =3.0.0-beta.22, =3.16.10 and more Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...
CVE-2023-51843
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set...
PT-2024-20448 · Npm · @Tanstack/React-Query-Next-Experimental
Name of the Vulnerable Software and Affected Versions: @tanstack/react-query-next-experimental versions prior to 5.18.0. Description: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either...
React Dashboard Security Vulnerability
React Dashboard is a template. A security vulnerability exists in React Dashboard version 1.4.0, which stems from unset httpOnly and is vulnerable to cross-site scripting attacks...
CVE-2023-51843
Summary: CVE-2023-51843 affects the React Dashboard package. Vulnerability: Cross Site Scripting (XSS) arising because the httpOnly flag is not set on cookies. Affected software: react-dashboard 1.4.0. Root cause (as stated): httpOnly is not set, enabling potential exposure of cookie data. Impact...
Malicious code in california-state-web-template-react (npm)
Source: ossf-package-analysis 91a0432190eb409c84a7c6bf3c06b34d9b7c4571be93f31b3635a925f4a4099e. The OpenSSF Package Analysis project identified 'california-state-web-template-react' @ 9.2.1 npm as malicious. It is considered malicious...
MAL-2024-151 Malicious code in california-state-web-template-react (npm)
Source: ossf-package-analysis 91a0432190eb409c84a7c6bf3c06b34d9b7c4571be93f31b3635a925f4a4099e. The OpenSSF Package Analysis project identified 'california-state-web-template-react' @ 9.2.1 npm as malicious. It is considered malicious...
@egalteam/framework-react-native (>=2.0.0 <=2.0.1), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +5 more potentially affected by CVE-2024-21668 via react-native-mmkv (>=1.3.2 <=2.10.2)
react-native-mmkv NPM version =1.3.2, =2.0.0, =1.0.1, =0.64.1-rc.3, =0.64.1-rc.2, =0.64.3-0 Source cves: CVE-2024-21668 Source advisory: OSV:GHSA-4JH3-6JHV-2MGP...
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Summary: Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...