react-dev-utils on Windows vulnerable to Remote Code Execution

High severity GitHub Reviewed Published Jan 4, 2019 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

react-dev-utils (npm)

Affected versions

>= 1.0.0, < 1.0.4
>= 2.0.0, < 2.0.2
>= 3.0.0, < 3.1.2
>= 4.0.0, < 4.2.2
>= 5.0.0, < 5.0.2

Patched versions

1.0.4
2.0.2
3.1.2
4.2.2
5.0.2

Description

react-dev-utils on Windows is vulnerable to remote code execution.

Recommendation

Update to one of the following versions, depending on the release line that you are using.

  • 1.0.4
  • 2.0.2
  • 3.1.2
  • 4.2.2
  • 5.0.2
  • 6.0.0-next.a671462c

References

Published by the National Vulnerability Database Dec 31, 2018
Published to the GitHub Advisory Database Jan 4, 2019
Reviewed Jun 16, 2020
Last updated Jan 27, 2023

Severity

High

EPSS score

0.273%
(68th percentile)

Weaknesses

CVE ID

CVE-2018-6342

GHSA ID

GHSA-29gp-92wp-94q8