facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License

High Vulnerability - nth-check Regular Expression Denial of Service (ReDoS) #12948

Open GowthamiAmp opened 1 year ago

GowthamiAmp commented 1 year ago

The react-scripts dependency package uses nth-check@1.0.2, which has a high vulnerability. But the upgraded nth-check version has no vulnerability. So please check the possibility of fixing this vulnerability.

Path: react-scripts@5.0.1 › @svgr/webpack@5.5.0 › @svgr/plugin-svgo@5.5.0 › svgo@1.3.2 › css-select@2.1.0 › nth-check@1.0.2

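Added example, not from this issue or from create-react-app: a Node script that walks a lockfile-v1-style dependency tree (the nested `requires`/`dependencies` shape npm 6 writes) and reports every chain that reaches a vulnerable version of a package, applying npm's nearest-node_modules resolution so a patched hoisted copy is not mistaken for the nested one actually used. The sample tree is constructed to mirror the path above, and the patched floor of 2.0.1 for nth-check is assumed from the advisory, not stated in this issue.

```javascript
// Constructed sample modelled on the path in the issue: the hoisted
// nth-check at the root is patched, but css-select keeps a nested 1.0.2 copy.
const sampleLock = {
  dependencies: {
    "react-scripts": { version: "5.0.1", requires: { "@svgr/webpack": "^5.5.0" } },
    "@svgr/webpack": { version: "5.5.0", requires: { "@svgr/plugin-svgo": "^5.5.0" } },
    "@svgr/plugin-svgo": { version: "5.5.0", requires: { svgo: "^1.2.2" } },
    svgo: { version: "1.3.2", requires: { "css-select": "^2.0.0" } },
    "css-select": {
      version: "2.1.0",
      requires: { "nth-check": "^1.0.2" },
      dependencies: { "nth-check": { version: "1.0.2" } },
    },
    "nth-check": { version: "2.1.1" },
  },
};

// Numeric "x.y.z" comparison; returns true when a < b.
function versionLt(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Resolve `name` as npm does: the nearest enclosing node_modules wins.
// Returns the entry plus the scope chain that applies inside it.
function resolveDep(name, scopes) {
  const i = scopes.findIndex((s) => s && s[name]);
  return i < 0 ? null : { entry: scopes[i][name], scopes: scopes.slice(i) };
}

// Returns "name@version › ..." chains from each direct dependency to every
// resolved copy of `target` whose version satisfies `isVulnerable`.
function findVulnerablePaths(lock, directDeps, target, isVulnerable) {
  const root = lock.dependencies || {};
  const hits = [];
  const walk = (name, entry, scopes, chain) => {
    const label = `${name}@${entry.version}`;
    if (chain.includes(label)) return; // cycle guard
    const path = [...chain, label];
    if (name === target && isVulnerable(entry.version)) hits.push(path.join(" › "));
    const inner = [entry.dependencies, ...scopes]; // own nested copies first
    for (const dep of Object.keys(entry.requires || {})) {
      const hit = resolveDep(dep, inner);
      if (hit) walk(dep, hit.entry, hit.scopes, path);
    }
  };
  for (const name of directDeps) if (root[name]) walk(name, root[name], [root], []);
  return hits;
}

// Patched floor assumed from the nth-check advisory (not from this issue): < 2.0.1.
console.log(findVulnerablePaths(sampleLock, ["react-scripts"], "nth-check", (v) => versionLt(v, "2.0.1")));
```

Point the same function at a real `package-lock.json` (lockfileVersion 1) and the `dependencies` keys of your `package.json` to reproduce the chain `npm audit` reports.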

tomdelahaba commented 1 year ago

Seems the react-scripts team does not care about vulnerabilities; there are more packages which are vulnerable, for example loader-utils as well, which should already have been updated to 3.x... It is (just today) 9 months since the last version release! Not a single minor version released, no info, nothing...

jzombie commented 1 year ago

I have a suspicion the project is no longer being maintained: https://news.ycombinator.com/item?id=34421816

WilliamPriorielloGarda commented 1 year ago

See https://github.com/facebook/create-react-app/issues/11174