CVE-2018-6342
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-6342
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6342.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-6342
- Aliases
- Published
- 2018-12-31T22:29:00Z
- Modified
- 2025-05-28T10:07:08.868714Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.
- References
Affected packages
Git / github.com/facebook/create-react-app
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/create-react-app
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
babel-preset-react-app@0.*
babel-preset-react-app@0.2.1
babel-preset-react-app@1.*
babel-preset-react-app@1.0.0
babel-preset-react-app@2.*
babel-preset-react-app@2.0.0
babel-preset-react-app@2.1.0
babel-preset-react-app@3.*
babel-preset-react-app@3.0.0
babel-preset-react-app@3.0.1
babel-preset-react-app@3.0.2
babel-preset-react-app@3.0.3
babel-preset-react-app@3.1.0
babel-preset-react-app@3.1.1
create-react-app@0.*
create-react-app@0.5.0
create-react-app@0.6.0
create-react-app@0.7.0
create-react-app@1.*
create-react-app@1.0.0
create-react-app@1.0.1
create-react-app@1.0.2
create-react-app@1.0.3
create-react-app@1.0.4
create-react-app@1.3.1
create-react-app@1.3.2
create-react-app@1.3.3
create-react-app@1.4.0
create-react-app@1.4.1
create-react-app@1.4.3
create-react-app@1.5.0
create-react-app@1.5.2
eslint-config-react-app@0.*
eslint-config-react-app@0.2.1
eslint-config-react-app@0.3.0
eslint-config-react-app@0.4.0
eslint-config-react-app@0.5.1
eslint-config-react-app@1.*
eslint-config-react-app@1.0.0
eslint-config-react-app@1.0.1
eslint-config-react-app@1.0.2
eslint-config-react-app@1.0.4
eslint-config-react-app@1.0.5
eslint-config-react-app@2.*
eslint-config-react-app@2.0.0
eslint-config-react-app@2.0.1
eslint-config-react-app@2.1.0
react-dev-utils@0.*
react-dev-utils@0.1.0
react-dev-utils@0.2.1
react-dev-utils@0.3.0
react-dev-utils@0.4.0
react-dev-utils@0.4.2
react-dev-utils@0.5.0
react-dev-utils@1.*
react-dev-utils@1.0.0
react-dev-utils@1.0.1
react-dev-utils@1.0.2
react-dev-utils@1.0.3
react-dev-utils@2.*
react-dev-utils@2.0.1
react-dev-utils@3.*
react-dev-utils@3.0.0
react-dev-utils@3.0.1
react-dev-utils@3.0.2
react-dev-utils@3.1.0
react-dev-utils@4.*
react-dev-utils@4.0.0
react-dev-utils@4.0.1
react-dev-utils@4.1.0
react-dev-utils@4.2.0
react-dev-utils@4.2.1
react-dev-utils@5.*
react-dev-utils@5.0.0
react-dev-utils@5.0.1
react-error-overlay@1.*
react-error-overlay@1.0.0
react-error-overlay@1.0.1
react-error-overlay@1.0.10
react-error-overlay@1.0.2
react-error-overlay@1.0.3
react-error-overlay@1.0.4
react-error-overlay@1.0.6
react-error-overlay@1.0.7
react-error-overlay@1.0.8
react-error-overlay@1.0.9
react-error-overlay@2.*
react-error-overlay@2.0.0
react-error-overlay@2.0.1
react-error-overlay@2.0.2
react-error-overlay@3.*
react-error-overlay@3.0.0
react-error-overlay@4.*
react-error-overlay@4.0.0
react-scripts@0.*
react-scripts@0.5.0
react-scripts@0.6.1
react-scripts@0.7.0
react-scripts@0.8.0
react-scripts@0.8.1
react-scripts@0.8.2
react-scripts@0.8.3
react-scripts@0.8.4
react-scripts@0.8.5
react-scripts@0.9.0
react-scripts@1.*
react-scripts@1.0.0
react-scripts@1.0.1
react-scripts@1.0.10
react-scripts@1.0.11
react-scripts@1.0.12
react-scripts@1.0.13
react-scripts@1.0.14
react-scripts@1.0.15
react-scripts@1.0.16
react-scripts@1.0.17
react-scripts@1.0.2
react-scripts@1.0.3
react-scripts@1.0.4
react-scripts@1.0.6
react-scripts@1.0.7
react-scripts@1.0.8
react-scripts@1.0.9
react-scripts@1.1.0
react-scripts@1.1.1
react-scripts@1.1.2
react-scripts@1.1.3
react-scripts@1.1.4
v0.*
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.2
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.16
v1.0.17
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4