React Native代码问题漏洞

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A code issue vulnerability exists in react-native version 0.59.0, which stems from a regular expression in the validateBaseUrl function that could cause an application to use too many...

PT-2021-10305 · Facebook · React Native

Name of the Vulnerable Software and Affected Versions: react-native versions 0.59.0 through 0.64.1 Description: A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash...

Remote Code Execution (RCE)

matrix-react-sdk is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by accessing the local file preview when uploading a malicious file...

Credential leak in react-native-fast-image

Overview This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other...

@agungkes/react-native-scalable-image (>=1.0.1 <=1.0.2), @applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0) +35 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=4.0.14 <=8.2.0)

react-native-fast-image NPM version =4.0.14, =1.0.1, =1.0.0, =1.0.0, =1.8.20, =1.0.21, =0.0.8, =0.0.8, =0.0.1, =0.0.1, =0.10.25, =1.0.113, =1.0.220 - inso-motorbike-liability =1.0.2 and more Source cves: CVE-2020-7696 Source advisory: OSV:GHSA-6XHG-Q9C8-RJ32...

Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

GHSA-6XHG-Q9C8-RJ32 Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-32622 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-32622 Source advisory: OSV:GHSA-8796-GC9J-63RV...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

Design/Logic Flaw

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

CVE-2021-32622 affects the Matrix-React-SDK (Matrix-React-SDK) prior to version 3.21.0. The vulnerability arises during file uploads: when a user previews an uploaded file, scripts embedded in the file can execute, but only for the local user and only after several user interactions to open the p...

CVE-2021-32622 File upload local preview can run embedded scripts after user interaction

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

Travis Ralston matrix-react-sdk 代码问题漏洞

Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. Used to insert the Matrix chat/voice client into a web page. A code issue vulnerability exists in Matrix-React-SDK that arises from an improperly designed or implemented code development process for a web system or...

Cross-Site Scripting

Overview react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. Recommendation Upgrade to version 1.14.6 or later References - CVE - GitHub Advisory...

@1studio/ui (>=1.0.7 <=2.83.0), @cloudacademy/integrations (>=0.0.2 <=0.0.15) +51 more potentially affected by CVE-2021-31712 via react-draft-wysiwyg (>=1.10.0 <=1.14.5)

react-draft-wysiwyg NPM version =1.10.0, =1.0.7, =0.0.2, =2.1.15, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.1.5, =0.8.6, =0.0.15, =2.1.19, =1.0.0, =0.10.5, =0.0.8, =0.2.5 and more Source cves: CVE-2021-31712 Source advisory: OSV:GHSA-QCG2-H349-VWM3...

Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

GHSA-QCG2-H349-VWM3 Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...