CVE-2021-24033: OS Command Injection
react-dev-utils exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed.
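The concatenation pattern described above, next to a hardened form, as an added example (not react-dev-utils source code). The helper names are hypothetical, and the use of `lsof` for the port lookup is an assumption of this sketch.

```javascript
// Added illustration: hypothetical helper names, not react-dev-utils source.
const { execFileSync } = require('child_process');

// Unsafe pattern: the caller's value becomes part of text that a shell parses,
// so characters such as ';' change what gets executed.
function buildShellCommand(port) {
  return 'lsof -i:' + port + ' -P -t -sTCP:LISTEN';
}

// Accept only a decimal TCP port number; everything else is rejected.
function parsePort(input) {
  const text = String(input);
  if (!/^[0-9]{1,5}$/.test(text)) {
    throw new TypeError('port must be 1-5 decimal digits');
  }
  const port = Number(text);
  if (port < 1 || port > 65535) {
    throw new RangeError('port out of range: ' + port);
  }
  return port;
}

// Hardened pattern: a validated number placed in an argument vector.
function buildLsofArgv(input) {
  return ['-i:' + parsePort(input), '-P', '-t', '-sTCP:LISTEN'];
}

function getPidsOnPort(input) {
  const argv = buildLsofArgv(input); // throws before any process is started
  try {
    // execFileSync starts lsof directly (no shell), one argv entry per argument.
    const out = execFileSync('lsof', argv, {
      encoding: 'utf8',
      stdio: ['ignore', 'pipe', 'ignore'],
    });
    return out.split('\n').filter(Boolean).map(Number);
  } catch (err) {
    return []; // lsof exits non-zero when nothing is listening (or is absent)
  }
}

// Constructed sample input, only turned into a string here, never executed.
const sample = '3000; echo injected';
console.log(buildShellCommand(sample));
console.log(buildLsofArgv('3000'));
```

Validation and the shell-free call are independent layers: the argument vector keeps shell metacharacters inert even if a validation rule is later loosened.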