react-editable-json-tree@1.6.0 vulnerabilities

React Editable Json Tree

latest version

2.3.0
latest non vulnerable version

2.3.0
first published

8 years ago
latest version published

2 years ago
licenses detected
- MIT
  >=0
View react-editable-json-tree package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the react-editable-json-tree package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Eval Injection react-editable-json-tree is a React Editable Json Tree Affected versions of this package are vulnerable to Eval Injection due to missing sanitization of values within the `JSON` structure being displayed. Note: In order to fully mitigate this vulnerability user must set the `JsonTree` component's `allowFunctionEvaluation` prop to `false` Users who have defined a custom `onSubmitValueParser` callback prop on the `JsonTree` component are unaffected. How to fix Eval Injection? Upgrade `react-editable-json-tree` to version 2.2.2 or higher.	<2.2.2

react-editable-json-tree is a React Editable Json Tree

Affected versions of this package are vulnerable to Eval Injection due to missing sanitization of values within the JSON structure being displayed.

Note:

In order to fully mitigate this vulnerability user must set the JsonTree component's allowFunctionEvaluation prop to false

Users who have defined a custom onSubmitValueParser callback prop on the JsonTree component are unaffected.

How to fix Eval Injection?

Upgrade react-editable-json-tree to version 2.2.2 or higher.

<2.2.2