Acdlite

**Name of the Vulnerable Software and Affected Versions** react-dev-utils versions 1.x.x through 1.0.3 react-dev-utils versions 2.x.x through 2.0.1 react-dev-utils versions 3.x.x through 3.1.1 react-dev-utils versions 4.x.x through 4.2.1 react-dev-utils versions 5.x.x through 5.0.1 **Description** The issue allows an attacker to execute arbitrary commands on a targeted system by making a network request to the server, potentially via CSRF or direct request, due to improper sanitization of input to a command that launches an editor. **Recommendations** Update to version 1.0.4 for the 1.x.x release line. Update to version 2.0.2 for the 2.x.x release line. Update to version 3.1.2 for the 3.x.x release line. Update to version 4.2.2 for the 4.x.x release line. Update to version 5.0.2 for the 5.x.x release line. As a temporary workaround, consider restricting access to the vulnerable command that launches an editor until a patch is applied.