Cross-Site Scripting in react

GHSA-hg79-j56m-fxgv

Published Sep 4, 2020 · Modified Oct 1, 2021

Description

Versions of react prior to 0.14.0 are vulnerable to Cross-Site Scripting (XSS). The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 0.14.0 or later.

References

PACKAGE https://github.com/facebook/react
WEB https://reactjs.org/blog/2015/10/07/react-v0.14.html#notable-enhancements
WEB https://reactjs.org/blog/2019/10/22/react-release-channels.html#experimental-channel
WEB https://snyk.io/vuln/npm:react:20150318
WEB https://www.npmjs.com/advisories/1347
WEB http://danlec.com/blog/xss-via-a-spoofed-react-element

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes