Malicious code in extract-react-types-mono-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97291f1a69bcf0454ce9436e0b9962597636b4422b1a88ff5272fdd93d91c165 The OpenSSF Package Analysis project identified 'extract-react-types-mono-repo' @ 0.0.2 npm as malicious. It is considered malicious because: -...
MAL-2023-8481 Malicious code in extract-react-types-mono-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97291f1a69bcf0454ce9436e0b9962597636b4422b1a88ff5272fdd93d91c165 The OpenSSF Package Analysis project identified 'extract-react-types-mono-repo' @ 0.0.2 npm as malicious. It is considered malicious because: -...
Malicious code in react-18-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ab3496e80f456724e73563a2fef64ff6928d569e6e730832dd7de084aa0b3655 The OpenSSF Package Analysis project identified 'react-18-viem' @ 0.1.1 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8469 Malicious code in react-18-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ab3496e80f456724e73563a2fef64ff6928d569e6e730832dd7de084aa0b3655 The OpenSSF Package Analysis project identified 'react-18-viem' @ 0.1.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in frontegg-react-sanity-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb25e4621d231dcfb19174b3d68e319d416128e938f699d683cd4cd436f0fd10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8458 Malicious code in frontegg-react-sanity-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb25e4621d231dcfb19174b3d68e319d416128e938f699d683cd4cd436f0fd10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2023-46134 D-Tale vulnerable to Remote Code Execution through the Custom Filter Input
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2023-46134
CVE-2023-46134 concerns D-Tale, a Flask back-end + React front-end tool for Pandas data. The vulnerability arises from the Custom Filter input, enabling remote code execution when D-Tale is hosted publicly and the input is not properly restricted. The issue was patched in version 3.7.0 by turning...
CVE-2023-46134 D-Tale vulnerable to Remote Code Execution through the Custom Filter Input
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3205 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)
react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...
GHSA-RXRC-RGV4-JPVX React Developer Tools extension Improper Authorization vulnerability
The React Developer Tools extension registers a message listener with window.addEventListener('message', …) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
React Developer Tools extension Improper Authorization vulnerability
The React Developer Tools extension registers a message listener with window.addEventListener('message', …) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', …) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
Input validation
The React Developer Tools extension registers a message listener with window.addEventListener('message', …) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', …) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-5654
The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...
React Developer Tools Security Vulnerability
Facebook React Developer Tools is a JavaScript library for building user interfaces from Facebook Inc. A security vulnerability exists in React Developer Tools version v4.27.8, which stems from an extension that registers a message listener in content scripts, where code within the listener does...
PT-2023-32240 · Facebook · React Developer Tools
Name of the Vulnerable Software and Affected Versions: React Developer Tools extension (affected versions not specified) Description: The React Developer Tools extension has a message listener registered with window.addEventListener('message', …) in a content script accessible to any active webpage in...
MAL-2023-8373 Malicious code in @bitsoex/react-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e89332fc8c2abca1b7c5a14da73534cf2f08bbedb6a61665dd691b87893e008 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...