CVE-2018-6342
react-dev-utils on Windows vulnerable to Remote Code Execution
EPSS 0.79%
描述
`react-dev-utils` on Windows is vulnerable to remote code execution. ## Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c
如何修補 CVE-2018-6342
要修補 CVE-2018-6342,請將受影響套件升級到下列已修補版本。
- npm/react-dev-utils—升級至 1.0.4 或更新版本
CVE-2018-6342 正在被利用嗎?
低 — EPSS 為 0.8%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 1.0.0, < 1.0.4