react-editable-json-tree@1.6.0 vulnerabilities

React Editable Json Tree

Direct Vulnerabilities

Known vulnerabilities in the react-editable-json-tree package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Eval Injection

react-editable-json-tree is a React Editable Json Tree

Affected versions of this package are vulnerable to Eval Injection due to missing sanitization of values within the JSON structure being displayed.

Note:

In order to fully mitigate this vulnerability user must set the JsonTree component's allowFunctionEvaluation prop to false

Users who have defined a custom onSubmitValueParser callback prop on the JsonTree component are unaffected.

How to fix Eval Injection?

Upgrade react-editable-json-tree to version 2.2.2 or higher.

<2.2.2