create-react-app

react-scripts - CVE-2024-33883 for ejs module shipped with react-scripts - CVSS 9.8

Open sertechside opened this issue 1 year ago • 1 comments

Describe the bug

CVE-2024-33883 - react-scripts ejs module - CVSS 9.8 - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6

The ejs module is embedded in react-scripts along with other modules.

react-scripts-5.1.0-next.14.tgz -> workbox-webpack-plugin-6.6.60.tgz -> workbox-build-6.6.0.tgz -> rollup-plugin-off-main-thread-2.2.3.tgz -> ejs 3.1.9

(Write your answer here.) Would you please check and make sure to provide a fixed react-scripts with updated/fixed modules (e.g. ejs 3.1.10)? Thank you. Kind regards,

Did you try recovering your dependencies?

(Write your answer here.)

Which terms did you search for in User Guide?

(Write your answer here if relevant.)

Environment

(paste the output of the command here.)

Steps to reproduce

(Write your steps here:)

Expected behavior

(Write what you thought would happen.)

Actual behavior

(Write what happened. Please add screenshots!)

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)

sertechside, May 16 '24 09:05
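
Added example, not part of the original issue or the create-react-app project: a Node.js script that walks a `package-lock.json` in the v2/v3 `packages` layout and reports, for each installed copy of ejs older than 3.1.10, the shortest dependency chain that pulls it in. The lockfile fragment is constructed; `example-tool` and the `*` ranges are hypothetical.

```javascript
// Constructed lockfile fragment; versions as written in the issue, "example-tool" and "*" ranges are made up.
const sampleLock = { packages: {
  "": { dependencies: { "react-scripts": "*", "example-tool": "*" } },
  "node_modules/react-scripts": { version: "5.1.0-next.14", dependencies: { "workbox-webpack-plugin": "*" } },
  "node_modules/workbox-webpack-plugin": { version: "6.6.60", dependencies: { "workbox-build": "*" } },
  "node_modules/workbox-build": { version: "6.6.0", dependencies: { "rollup-plugin-off-main-thread": "*" } },
  "node_modules/rollup-plugin-off-main-thread": { version: "2.2.3", dependencies: { ejs: "*" } },
  "node_modules/ejs": { version: "3.1.9" },
  "node_modules/example-tool": { version: "1.0.0", dependencies: { ejs: "*" } },
  "node_modules/example-tool/node_modules/ejs": { version: "3.1.10" }, // nested, already patched
} };

// Node-style resolution: look in the dependent's own node_modules first, then walk up to the root.
function resolve(pkgs, from, name) {
  for (let dir = from; ; ) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (pkgs[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Numeric comparison, so 3.1.9 sorts below 3.1.10 (a string compare would get this wrong).
function isBelow(version, fixed) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = fixed.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Breadth-first walk from the root project; each installed copy is visited once.
function findChains(lock, target, fixed) {
  const pkgs = lock.packages, parent = new Map([["", null]]), queue = [""], chains = [];
  const label = (p) => p.slice(p.lastIndexOf("node_modules/") + 13) + "@" + pkgs[p].version;
  while (queue.length) {
    const path = queue.shift(), pkg = pkgs[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...(path ? {} : pkg.devDependencies) };
    for (const name of Object.keys(deps)) {
      const next = resolve(pkgs, path, name);
      if (!next || parent.has(next)) continue;
      parent.set(next, path);
      queue.push(next);
      if (name !== target || !isBelow(pkgs[next].version, fixed)) continue;
      const chain = [];
      for (let p = next; p; p = parent.get(p)) chain.unshift(label(p));
      chains.push(chain.join(" -> "));
    }
  }
  return chains;
}
console.log(findChains(sampleLock, "ejs", "3.1.10"));
```

On npm 8.3 or later, an `overrides` entry for `ejs` in the project's `package.json` is one way to force the patched version while the upstream chain still resolves to the older one.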

Hi @saimonmoore, is react-scripts still supported? Could you please assign it a maintainer for an update? Thank you. Kind regards.

sertechside, May 16 '24 13:05