Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
nth-check vulnerability found in react-scripts@4.0.3
See original GitHub issueHi,
I have a dashboard developed in reactjs and from last few days my github has started to display a vulnerability issue in react-scripts@4.0.3 for nth-check dependency.
react-scripts@4.0.3 uses nth-check v1.0.2 where as to resolve the vulnerability issue the recommended version is 2.1.0 or higher.
Remediation
Upgrade nth-check to version 2.0.1 or later. For example:
"dependencies": {
"nth-check": ">=2.0.1"
}
or…
"devDependencies": {
"nth-check": ">=2.0.1"
}
CVE-2021-3803
moderate severity
Vulnerable versions: < 2.0.1
Patched version: 2.0.1
nth-check is vulnerable to Inefficient Regular Expression Complexity
Dependabot cannot update nth-check to a non-vulnerable version
The latest possible version that can be installed is 1.0.2 because of the following conflicting dependency:
react-scripts@4.0.3 requires nth-check@^1.0.2 via a transitive dependency on css-select@2.1.0
The earliest fixed version is 2.0.1.
Thanks and Regards, Sandeep
Issue Analytics
- State:
- Created 2 years ago
- Reactions:5
- Comments:12 (1 by maintainers)
Top Results From Across the Web
react-scripts@4.0.3 - Snyk Vulnerability Database
Does your project rely on vulnerable package dependencies? Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities ( ...
Read more >Inefficient Regular Expression Complexity in nth-check - Stack ...
In that case I would suspect you indeed are using a vulnerable version of the reported library. You can check package-lock.json to find...
Read more >Known Exploited Vulnerabilities Catalog | CISA
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal...
Read more >nth-check - npm
About. This module can be used to parse & compile nth-checks, as they are found in CSS 3's nth-child() and ...
Read more >CVE-2021-3803 Detail - NVD
CVE-2021-3803 Detail. Description. nth-check is vulnerable to Inefficient Regular Expression Complexity. Severity. CVSS Version 3.x
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
We are waiting for this vulnerability to be fixed, since long long time. Can someone please provide us an ETA on this one ?
Could this be looked into as well? most of other vulnerabilities were fixed in react-scripts 5.0.0 except this one