13.12.5
9 years ago
12 days ago
Known vulnerabilities in the react-native-webview package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
react-native-webview is a React Native WebView component for iOS, Android, macOS, and Windows Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A universal cross-site scripting (UXSS) vulnerability has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a react-native-webview that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106. How to fix Cross-site Scripting (XSS)? Upgrade | <11.0.0 |