facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License
102.79k stars 26.87k forks

react-scripts - CVE-2024-33883 for ejs module shipped with react-scripts - CVSS 9.8 #13590

Open sertechside opened 6 months ago

sertechside commented 6 months ago

Describe the bug

CVE-2024-33883 - react-scripts ejs module - CVSS 9.8 - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6

The ejs module is embedded in react-scripts along with other modules.

react-scripts-5.1.0-next.14.tgz -> workbox-webpack-plugin-6.6.60.tgz -> workbox-build-6.6.0.tgz -> rollup-plugin-off-main-thread-2.2.3.tgz -> ejs 3.1.9

(Write your answer here.) Would you please check and make sure to provide a fixed react-scripts with updated/fixed modules (e.g. ejs 3.1.10)? Thank you. Kind regards,

Did you try recovering your dependencies?

(Write your answer here.)

Which terms did you search for in User Guide?

(Write your answer here if relevant.)

Environment

(paste the output of the command here.)

Steps to reproduce

(Write your steps here:)

1. 2. 3.

Expected behavior

(Write what you thought would happen.)

Actual behavior

(Write what happened. Please add screenshots!)

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)

sertechside commented 6 months ago

Hi @saimonmoore, is react-scripts still supported? Could you please assign it a maintainer for an update? Thank you. Kind regards.
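
An added example, not part of the issue or of the create-react-app project: a Node.js check that walks the `packages` map of a `package-lock.json` and reports each dependency chain ending in an ejs install older than 3.1.10, the fixed version the reporter names. The sample lockfile is constructed from the chain in the issue; `some-tool`, the `*` ranges and the function names are assumptions.

```javascript
// Constructed sample: trimmed "packages" map of a lockfileVersion 3 package-lock.json.
// Names and versions are written as they appear in the issue; "some-tool" is made up.
const sampleLock = { packages: {
  "": { dependencies: { "react-scripts": "*", "some-tool": "*" } },
  "node_modules/react-scripts": { version: "5.1.0-next.14", dependencies: { "workbox-webpack-plugin": "*" } },
  "node_modules/workbox-webpack-plugin": { version: "6.6.60", dependencies: { "workbox-build": "*" } },
  "node_modules/workbox-build": { version: "6.6.0", dependencies: { "rollup-plugin-off-main-thread": "*" } },
  "node_modules/rollup-plugin-off-main-thread": { version: "2.2.3", dependencies: { ejs: "*" } },
  "node_modules/ejs": { version: "3.1.9" },
  "node_modules/some-tool": { version: "1.0.0", dependencies: { ejs: "*" } },
  "node_modules/some-tool/node_modules/ejs": { version: "3.1.10" },
} };

// Numeric x.y.z compare (a string compare ranks "3.1.9" above "3.1.10"); prerelease tags ignored.
function lessThan(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Node-style lookup: nearest node_modules/<dep>, walking up from the dependent package.
function resolve(pkgs, fromKey, dep) {
  for (let dir = fromKey; ; ) {
    const cand = (dir ? dir + "/" : "") + "node_modules/" + dep;
    if (pkgs[cand]) return cand;
    if (!dir) return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Breadth-first walk from the root project; returns one chain per vulnerable install.
function findVulnerable(lock, target, fixed) {
  const pkgs = lock.packages, hits = [], seen = new Set([""]);
  const queue = [{ key: "", chain: [] }];
  while (queue.length) {
    const { key, chain } = queue.shift();
    const deps = { ...pkgs[key].dependencies, ...pkgs[key].devDependencies };
    for (const dep of Object.keys(deps)) {
      const child = resolve(pkgs, key, dep);
      if (!child || seen.has(child)) continue;
      seen.add(child);
      const next = [...chain, `${dep}@${pkgs[child].version}`];
      if (dep === target && lessThan(pkgs[child].version, fixed)) hits.push(next.join(" -> "));
      queue.push({ key: child, chain: next });
    }
  }
  return hits;
}
```

Calling `findVulnerable(lock, "ejs", "3.1.10")` on a parsed lockfile returns the chains to report; the nested `some-tool` copy at 3.1.10 is not flagged.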