react-dev-utils on Windows vulnerable to Remote Code Execution

Description

react-dev-utils on Windows is vulnerable to remote code execution.

Recommendation

Update the react-dev-utils package to the latest compatible version. Followings are version details:

• Affected version(s): **>= 5.0.0, < 5.0.2

  >= 4.0.0, < 4.2.2

  >= 3.0.0, < 3.1.2

  >= 2.0.0, < 2.0.2

  >= 1.0.0, < 1.0.4**

• Patched version(s): **5.0.2

  4.2.2

  3.1.2

  2.0.2

  1.0.4**

References

• GHSA-29gp-92wp-94q8
• www.npmjs.com
• CVE-2018-6342
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• angular-base64-upload vulnerable to unauthenticated remote code execution - CVE-2024-42640
• paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - CVE-2026-41679
• paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
• Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages - CVE-2025-59417

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

react-dev-utils