react-scripts - CVE-2024-33883 for ejs module shipped with react-scripts - CVSS 9.8 #13590

Open
sertechside opened this issue May 16, 2024 · 1 comment

sertechside commented May 16, 2024

Describe the bug

CVE-2024-33883 - react-scripts ejs module - CVSS 9.8 - GHSA-ghr5-ch3p-vcr6
The ejs module is embedded in react-scripts along with other modules.

react-scripts-5.1.0-next.14.tgz -> workbox-webpack-plugin-6.6.60.tgz -> workbox-build-6.6.0.tgs -> rollup-plugin-off-main-thread-2.2.3.tgx -> ejs3.1.9

Would you please check and make sure to provide a fixed react-scripts with updated/fixed modules (e.g. ejs 3.1.10)?
Thank you. Kind regards,

@sertechside
Author

Hi @saimonmoore, is react-scripts still supported? Could you please assign it a maintainer for an update? Thank you. Kind regards.
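
As an added example (not code from the issue or from the react-scripts project), this Node.js script checks an npm lockfile for ejs installs older than 3.1.10 and reports which packages resolve to them, the kind of transitive chain the issue describes. It assumes the lockfile v2/v3 `packages` layout; the sample lockfile, its dependency ranges and the `other-tool` package are constructed.

```javascript
// Added example: list ejs installs below 3.1.10 in an npm lockfile (v2/v3 "packages" map).
const FIXED = [3, 1, 10]; // fixed ejs release requested in the issue
function isBelowFixed(version) {
  const parts = version.split('-')[0].split('.').map(Number); // drop prerelease tag
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== FIXED[i]) return (parts[i] || 0) < FIXED[i];
  }
  return false;
}

// Node-style resolution: try node_modules/<name> in the dependent's folder, then walk up.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Map each vulnerable ejs install path to its version and the packages that resolve to it.
function findVulnerableEjs(lock) {
  const packages = lock.packages || {};
  const hits = {};
  for (const [path, meta] of Object.entries(packages)) {
    const isEjs = path === 'node_modules/ejs' || path.endsWith('/node_modules/ejs');
    if (isEjs && meta.version && isBelowFixed(meta.version)) {
      hits[path] = { version: meta.version, requiredBy: [] };
    }
  }
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (!('ejs' in deps)) continue;
    const target = resolveDep(packages, path, 'ejs');
    if (target && hits[target]) hits[target].requiredBy.push(path || '(root project)');
  }
  return hits;
}

// Constructed sample: the rollup-plugin-off-main-thread and ejs versions are those quoted
// in the issue; dependency ranges and the "other-tool" package are made up for illustration.
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/rollup-plugin-off-main-thread': { version: '2.2.3', dependencies: { ejs: '^3.1.6' } },
  'node_modules/ejs': { version: '3.1.9' },
  'node_modules/other-tool': { version: '1.0.0', dependencies: { ejs: '^3.1.10' } },
  'node_modules/other-tool/node_modules/ejs': { version: '3.1.10' },
} };
console.log(JSON.stringify(findVulnerableEjs(sampleLock), null, 2));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findVulnerableEjs`. Until an upstream release picks up the fix, an npm `overrides` entry for ejs in `package.json` is one way to pin the patched version.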
