OS Command Injection
react-dev-utils exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed.
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system.