CVE-2021-24033 – react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input arg …

9 March 2021

Vuln ID: CVE-2021-24033

Published: 2021-03-09 01:15:13Z

Description: react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you’re consuming it from react-scripts then this issue does not affect you.

Source: NVD.NIST.GOV

Date:

9 March 2021

Categorie(s):

NVD

Tag(s):

NVD

Four trends to top the CISO’s packed agenda26 April 2024
Microsoft Publicly Releases MS-DOS 4.0 Source Code26 April 2024
New SSLoad Malware Combined With Tools Hijacking Entire Network Domain26 April 2024
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites26 April 2024
Top 5 MSP Cyberattacks in 2023/202426 April 2024