CVE-2018-6342

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6342

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6342.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6342

Aliases

GHSA-29gp-92wp-94q8

Published

2018-12-31T22:29:00Z

Modified

2025-07-01T23:43:24.352073Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.

References

Affected packages

Git / github.com/facebook/create-react-app

Affected ranges

Type: GIT
Repo: https://github.com/facebook/create-react-app
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dc74990b89b5c6e143b522c759be3dac2c286514

Affected versions

babel-preset-react-app@0.*

babel-preset-react-app@0.2.1

babel-preset-react-app@1.*

babel-preset-react-app@1.0.0

babel-preset-react-app@2.*

babel-preset-react-app@2.0.0

babel-preset-react-app@2.1.0

babel-preset-react-app@3.*

babel-preset-react-app@3.0.0

babel-preset-react-app@3.0.1

babel-preset-react-app@3.0.2

babel-preset-react-app@3.0.3

babel-preset-react-app@3.1.0

babel-preset-react-app@3.1.1

create-react-app@0.*

create-react-app@0.5.0

create-react-app@0.6.0

create-react-app@0.7.0

create-react-app@1.*

create-react-app@1.0.0

create-react-app@1.0.1

create-react-app@1.0.2

create-react-app@1.0.3

create-react-app@1.0.4

create-react-app@1.3.1

create-react-app@1.3.2

create-react-app@1.3.3

create-react-app@1.4.0

create-react-app@1.4.1

create-react-app@1.4.3

create-react-app@1.5.0

create-react-app@1.5.2

eslint-config-react-app@0.*

eslint-config-react-app@0.2.1

eslint-config-react-app@0.3.0

eslint-config-react-app@0.4.0

eslint-config-react-app@0.5.1

eslint-config-react-app@1.*

eslint-config-react-app@1.0.0

eslint-config-react-app@1.0.1

eslint-config-react-app@1.0.2

eslint-config-react-app@1.0.4

eslint-config-react-app@1.0.5

eslint-config-react-app@2.*

eslint-config-react-app@2.0.0

eslint-config-react-app@2.0.1

eslint-config-react-app@2.1.0

react-dev-utils@0.*

react-dev-utils@0.1.0

react-dev-utils@0.2.1

react-dev-utils@0.3.0

react-dev-utils@0.4.0

react-dev-utils@0.4.2

react-dev-utils@0.5.0

react-dev-utils@1.*

react-dev-utils@1.0.0

react-dev-utils@1.0.1

react-dev-utils@1.0.2

react-dev-utils@1.0.3

react-dev-utils@2.*

react-dev-utils@2.0.1

react-dev-utils@3.*

react-dev-utils@3.0.0

react-dev-utils@3.0.1

react-dev-utils@3.0.2

react-dev-utils@3.1.0

react-dev-utils@4.*

react-dev-utils@4.0.0

react-dev-utils@4.0.1

react-dev-utils@4.1.0

react-dev-utils@4.2.0

react-dev-utils@4.2.1

react-dev-utils@5.*

react-dev-utils@5.0.0

react-dev-utils@5.0.1

react-error-overlay@1.*

react-error-overlay@1.0.0

react-error-overlay@1.0.1

react-error-overlay@1.0.10

react-error-overlay@1.0.2

react-error-overlay@1.0.3

react-error-overlay@1.0.4

react-error-overlay@1.0.6

react-error-overlay@1.0.7

react-error-overlay@1.0.8

react-error-overlay@1.0.9

react-error-overlay@2.*

react-error-overlay@2.0.0

react-error-overlay@2.0.1

react-error-overlay@2.0.2

react-error-overlay@3.*

react-error-overlay@3.0.0

react-error-overlay@4.*

react-error-overlay@4.0.0

react-scripts@0.*

react-scripts@0.5.0

react-scripts@0.6.1

react-scripts@0.7.0

react-scripts@0.8.0

react-scripts@0.8.1

react-scripts@0.8.2

react-scripts@0.8.3

react-scripts@0.8.4

react-scripts@0.8.5

react-scripts@0.9.0

react-scripts@1.*

react-scripts@1.0.0

react-scripts@1.0.1

react-scripts@1.0.10

react-scripts@1.0.11

react-scripts@1.0.12

react-scripts@1.0.13

react-scripts@1.0.14

react-scripts@1.0.15

react-scripts@1.0.16

react-scripts@1.0.17

react-scripts@1.0.2

react-scripts@1.0.3

react-scripts@1.0.4

react-scripts@1.0.6

react-scripts@1.0.7

react-scripts@1.0.8

react-scripts@1.0.9

react-scripts@1.1.0

react-scripts@1.1.1

react-scripts@1.1.2

react-scripts@1.1.3

react-scripts@1.1.4

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.9.0

v0.9.2

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.16

v1.0.17

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4