MEDIUM 6.5 npm

Cross-Site Scripting in react

GHSA-g53w-52xc-2j85 · CVE-2013-7035

Description

Affected versions of react are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input.

Recommendation

If you are using react 0.5.x, upgrade to version 0.5.2 or later.
If you are using react 0.4.x, upgrade to version 0.4.2 or later.
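
An added example, not part of the advisory or of React's own code: one way to check an npm lockfile (lockfileVersion 2 or 3) for react copies, including nested ones, that fall below the fixed releases named above. The lockfile contents and dependency names are constructed sample data, and the function names are hypothetical.

```javascript
// Fixed releases per release line, taken from the Recommendation above.
const FIXED = { '0.4': '0.4.2', '0.5': '0.5.2' };

// Returns the version to upgrade to, or null when the version is outside the
// 0.4.x / 0.5.x lines the advisory names or is already at the fixed release.
function fixFor(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(version);
  if (!m) return null;
  const fixed = FIXED[`${m[1]}.${m[2]}`];
  if (!fixed) return null;
  const fixedPatch = Number(fixed.split('.')[2]);
  const patch = Number(m[3]);
  // Assumption (conservative): a pre-release of the fixed version is unpatched.
  if (patch < fixedPatch || (patch === fixedPatch && m[4])) return fixed;
  return null;
}

// Walks the "packages" map of a parsed package-lock.json and reports every
// installed copy of react, so nested transitive copies are not missed.
function findAffectedReact(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match ".../node_modules/react" exactly, not react-dom or @scope/react.
    if (!/(^|\/)node_modules\/react$/.test(path)) continue;
    const upgradeTo = fixFor(meta.version || '');
    if (upgradeTo) findings.push({ path, version: meta.version, upgradeTo });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/react': { version: '0.5.2' },
    'node_modules/legacy-widget/node_modules/react': { version: '0.4.1' },
    'node_modules/old-form/node_modules/react': { version: '0.5.0' },
    'node_modules/react-lookalike': { version: '0.5.1' },
  },
};

console.log(findAffectedReact(sampleLock));
```

The top-level copy at 0.5.2 passes, while the two nested copies are reported with the release to upgrade to.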
