You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 18, 2022. It is now read-only.
Affected package: react-dev-utils
Ecosystem: NPM
Affected version range: >= 0.4.0, < 11.0.4
Summary: Improper Neutralization of Special Elements used in an OS Command.
Description: react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
identifiers: [{'type': 'GHSA', 'value': 'GHSA-5q6m-3h65-w53x'}, {'type': 'CVE', 'value': 'CVE-2021-24033'}]
Fixed Version: 11.0.4
Created Date = January 25, 2022
---
The text was updated successfully, but these errors were encountered:
The text was updated successfully, but these errors were encountered: