EPSS Percentile: 54.5%
react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync() in the function getProcessIdOnPort.
github.com/facebook/create-react-app/pull/10644
www.facebook.com/security/advisories/cve-2021-24033