Facebook React Devtools
By the Year
In 2024 there have been 0 vulnerabilities in Facebook React Devtools . Last year React Devtools had 1 security vulnerability published. Right now, React Devtools is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new React Devtools vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook React Devtools Security Vulnerabilities
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script
CVE-2023-5654
6.5 - Medium
- October 19, 2023
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URLs via the victim's browser.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook React Devtools or by Facebook? Click the Watch button to subscribe.
