{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T08:39:12.781","vulnerabilities":[{"cve":{"id":"CVE-2021-24033","sourceIdentifier":"cve-assign@fb.com","published":"2021-03-09T01:15:13.433","lastModified":"2024-11-21T05:52:15.083","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you."},{"lang":"es","value":"react-dev-utils anterior a versión v11.0.4, expone una función, getProcessForPort, donde un argumento de entrada se concatena en una cadena de comando para ser ejecutado. Esta función se usa generalmente desde react-scripts (en los proyectos de Create React App), donde el uso es seguro. Solo cuando esta función se invoca manualmente con valores proporcionados por el usuario (es decir, mediante código personalizado) existe la posibilidad de inyección de comandos. Si lo consume desde react-scripts, este problema no le afecta"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-assign@fb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:react-dev-utils:*:*:*:*:*:*:*:*","versionEndExcluding":"11.0.4","matchCriteriaId":"A233E720-E5C4-48BD-B589-5A16D11BEFEE"}]}]}],"references":[{"url":"https://github.com/facebook/create-react-app/pull/10644","source":"cve-assign@fb.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://www.facebook.com/security/advisories/cve-2021-24033","source":"cve-assign@fb.com","tags":["Vendor Advisory"]},{"url":"https://github.com/facebook/create-react-app/pull/10644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://www.facebook.com/security/advisories/cve-2021-24033","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}