react-editable-json-tree@2.0.0 vulnerabilities

React Editable Json Tree

  • latest version

    2.3.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    2 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the react-editable-json-tree package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • C
    Eval Injection

    react-editable-json-tree is a React Editable Json Tree

    Affected versions of this package are vulnerable to Eval Injection due to missing sanitization of values within the JSON structure being displayed.

    Note:

    To fully mitigate this vulnerability, users must set the JsonTree component's allowFunctionEvaluation prop to false.

    Users who have defined a custom onSubmitValueParser callback prop on the JsonTree component are unaffected.

    How to fix Eval Injection?

    Upgrade react-editable-json-tree to version 2.2.2 or higher.

    Vulnerable versions: <2.2.2