
react-dom-16.2.0.tgz: 1 vulnerabilities (highest severity is: 6.1)

Open mend-for-github-com[bot] opened this issue 3 years ago • 0 comments

Vulnerable Library - react-dom-16.2.0.tgz

React package for working with the DOM.

Library home page: https://registry.npmjs.org/react-dom/-/react-dom-16.2.0.tgz

Path to dependency file: /React-Basic-Video-Chat/package.json

Path to vulnerable library: /React-Basic-Video-Chat/node_modules/react-dom/package.json

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-6341 | Medium | 6.1 | react-dom-16.2.0.tgz | Direct | 16.2.1 | Yes |

Details

CVE-2018-6341

Dependency Hierarchy:

  • :x: react-dom-16.2.0.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.

Publish Date: 2018-12-31

URL: CVE-2018-6341

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6341

Release Date: 2018-12-31

Fix Resolution: 16.2.1

:rescue_worker_helmet: Automatic Remediation is available for this issue