Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
react-dev-utils 操作系统命令注入漏洞
Vulnerability Description
Helper create-react-app是 (Helper)开源的一个应用程序。用于隐藏在弹出时不应给用户带来负担的代码。 react-dev-utils prior to v11.0.4 存在操作系统命令注入漏洞,该漏洞源于当使用用户提供的值手动调用这个getProcessForPort函数时,才有可能出现命令注入。
CVSS Information
N/A
Vulnerability Type
N/A