Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-6342

UNKNOWN
Published 2018-12-31T22:00:00.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-6342. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.008
probability
of exploitation in the wild

There is a 0.8% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.729
Higher than 72.9% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Facebook

react-dev-utils

Affected Versions:

5.0.2 5.0.0 4.2.2 4.0.0 3.1.2 3.0.0 2.0.2 2.0.0 1.0.4 1.0.0 unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

react-dev-utils on Windows vulnerable to Remote Code Execution

GHSA-29gp-92wp-94q8

Advisory Details

`react-dev-utils` on Windows is vulnerable to remote code execution. ## Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c

Affected Packages

npm react-dev-utils
ECOSYSTEM: ≥1.0.0 <1.0.4
npm react-dev-utils
ECOSYSTEM: ≥2.0.0 <2.0.2
npm react-dev-utils
ECOSYSTEM: ≥3.0.0 <3.1.2
npm react-dev-utils
ECOSYSTEM: ≥4.0.0 <4.2.2
npm react-dev-utils
ECOSYSTEM: ≥5.0.0 <5.0.2

CVSS Scoring

CVSS Score

7.5

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-6342
WEB https://github.com/facebook/create-react-app/pull/4866
ADVISORY https://github.com/advisories/GHSA-29gp-92wp-94q8
PACKAGE https://github.com/facebook/create-react-app
WEB https://github.com/facebook/create-react-app/releases/tag/v1.1.5
WEB https://www.npmjs.com/advisories/695

Advisory provided by GitHub Security Advisory Database. Published: January 4, 2019, Modified: August 3, 2022

References

https://github.com/facebook/create-react-app/releases/tag/v1.1.5
https://github.com/facebook/create-react-app/pull/4866
Published: 2018-12-31T22:00:00.000Z
Last Modified: 2025-05-06T16:07:37.832Z
Copied to clipboard!