CVE-2026-25128 in v20 #2763

@matinzd

Environment

CLI Version: ~20.0.0

Description

There is a vulnerability impacting all react native cli tools:

Severity: high
fast-xml-parser has RangeError DoS Numeric Entities Bug - https://github.com/advisories/GHSA-37qj-frw5-hhjh
fix available via `npm audit fix --force`
Will install @react-native-community/cli-platform-ios@14.0.1, which is a breaking change
node_modules/fast-xml-parser
  @react-native-community/cli-config-android  *
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@react-native-community/cli-config-android
    @react-native-community/cli-platform-android  >=15.1.1
    Depends on vulnerable versions of @react-native-community/cli-config-android
    node_modules/@react-native-community/cli-platform-android
      @react-native-community/cli-doctor  >=14.1.0
      Depends on vulnerable versions of @react-native-community/cli-platform-android
      Depends on vulnerable versions of @react-native-community/cli-platform-apple
      Depends on vulnerable versions of @react-native-community/cli-platform-ios
      node_modules/@react-native-community/cli-doctor
        @react-native-community/cli  >=14.1.0
        Depends on vulnerable versions of @react-native-community/cli-doctor
        node_modules/@react-native-community/cli
  @react-native-community/cli-platform-apple  >=14.1.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@react-native-community/cli-platform-apple
    @react-native-community/cli-platform-ios  >=14.1.0
    Depends on vulnerable versions of @react-native-community/cli-platform-apple
    node_modules/@react-native-community/cli-platform-ios

7 high severity vulnerabilities
