「React Native CLI」より開発サーバ「Metro Development Server」を起動した環境において、第三者によるコマンド実行が可能となる脆弱性「CVE-2025-11953」が明らかとなったもの。脆弱性を発見したJFrogが報告した。 サーバ起動時にデフォルトで「React Native ...

The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package ...

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million times every week by developers building cross-platform applications ...

Microsoft's React Native for Windows dev team announced an update in which the developer experience was improved in part by "dogfooding," referring to the practice of teams using the very same ...

Facebook and Microsoft are working together to support React Native Windows and macOS. Facebook's desktop Messenger app on Windows and macOS is built with React Native. A new sub-team at Facebook is ...

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...

A widely popular npm package carried a critical severity vulnerability that allowed threat actors to, in certain scenarios, ...

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...