{"uuid": "05363eb1-b4b6-4726-bf56-bc69ae73aa08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-6342", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15149", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2018-6342\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.\n\ud83d\udccf Published: 2018-12-31T22:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T16:07:37.832Z\n\ud83d\udd17 References:\n1. https://github.com/facebook/create-react-app/releases/tag/v1.1.5\n2. https://github.com/facebook/create-react-app/pull/4866", "creation_timestamp": "2025-05-06T16:21:49.000000Z"}