react-editable-json-tree is vulnerable to remote code execution.The vulnerability exists in onSubmitValueParser
prop which calls parse
function in src/utils/parse.js
because of missing sanitization of the parse parameters which allows a remote attacker to inject and execute malicious code into the system.
CPE | Name | Operator | Version |
---|---|---|---|
react-editable-json-tree | le | 2.2.1 | |
react-editable-json-tree | le | 2.2.1 |