CVE-2018-6342

Name of the Vulnerable Software and Affected Versions react-dev-utils versions 1.x.x through 1.0.3 react-dev-utils versions 2.x.x through 2.0.1 react-dev-utils versions 3.x.x through 3.1.1 react-dev-utils versions 4.x.x through 4.2.1 react-dev-utils versions 5.x.x through 5.0.1

Description The issue allows an attacker to execute arbitrary commands on a targeted system by making a network request to the server, potentially via CSRF or direct request, due to improper sanitization of input to a command that launches an editor.

Recommendations Update to version 1.0.4 for the 1.x.x release line. Update to version 2.0.2 for the 2.x.x release line. Update to version 3.1.2 for the 3.x.x release line. Update to version 4.2.2 for the 4.x.x release line. Update to version 5.0.2 for the 5.x.x release line. As a temporary workaround, consider restricting access to the vulnerable command that launches an editor until a patch is applied.