react-native-webview@2.12.0 vulnerabilities

React Native WebView component for iOS, Android, macOS, and Windows

Direct Vulnerabilities

Known vulnerabilities in the react-native-webview package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Scripting (XSS)

react-native-webview is a React Native WebView component for iOS, Android, macOS, and Windows

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A universal cross-site scripting (UXSS) vulnerability has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a react-native-webview that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106.

How to fix Cross-site Scripting (XSS)?

Upgrade react-native-webview to version 11.0.0 or higher.

<11.0.0