CVE-2018-6341
CVE-2018-6341
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 3.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
31 dic 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Facebook · react-dom¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →