React Facebook React

stack.watch can notify you when security vulnerabilities are reported in Facebook React. You can add multiple products that you use with React to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Facebook React . Last year React had 0 security vulnerabilities published.

Year Vulnerabilities Average Score
2020 0 0.00
2019 0 0.00
2018 1 6.10

It may take a day or so for new React vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Facebook React Security Vulnerabilities

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time

CVE-2018-6341 6.1 - Medium - December 31, 2018

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.

CVE-2018-6341 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS