react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync()
in the function getProcessIdOnPort
.
CPE | Name | Operator | Version |
---|---|---|---|
react-dev-utils | le | 6.1.1 | |
react-dev-utils | le | 11.0.3 | |
react-dev-utils | le | 6.1.1 | |
react-dev-utils | le | 11.0.3 |