Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-29gp-92wp-94q8

GitHub Security Advisory

react-dev-utils on Windows vulnerable to Remote Code Execution

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

`react-dev-utils` on Windows is vulnerable to remote code execution.

## Recommendation

Update to one of the following versions, depending on the release line that you are using.
- 1.0.4
- 2.0.2
- 3.1.2
- 4.2.2
- 5.0.2
- 6.0.0-next.a671462c

Affected Packages

npm react-dev-utils
Affected versions: 1.0.0 (fixed in 1.0.4)
npm react-dev-utils
Affected versions: 2.0.0 (fixed in 2.0.2)
npm react-dev-utils
Affected versions: 3.0.0 (fixed in 3.1.2)
npm react-dev-utils
Affected versions: 4.0.0 (fixed in 4.2.2)
npm react-dev-utils
Affected versions: 5.0.0 (fixed in 5.0.2)

Related CVEs

CVE-2018-6342

Key Information

GHSA ID
GHSA-29gp-92wp-94q8
Published
January 4, 2019 5:41 PM
Last Modified
August 3, 2022 7:36 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
react-dev-utils
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.