Description
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `
Remediation
References
https://github.com/marmelab/react-admin/pull/8644
https://github.com/marmelab/react-admin/pull/8645
https://github.com/marmelab/react-admin/releases/tag/v3.19.12
https://github.com/marmelab/react-admin/releases/tag/v4.7.6
https://github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v
Related Vulnerabilities
CVE-2019-6284 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2017-14949 Vulnerability in maven package org.restlet.osgi:org.restlet
CVE-2022-29078 Vulnerability in npm package ejs
CVE-2020-7606 Vulnerability in npm package docker-compose-remote-api
CVE-2023-42276 Vulnerability in maven package cn.hutool:hutool-json