CVE in example #251

@ilteoood

Running trivy to search for CVEs, this is the output we have after installing react-native-qrcode-svg:

```
node_modules/react-native-qrcode-svg/Example/Gemfile.lock (bundler)
===================================================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ rexml   │ CVE-2024-49761 │ HIGH     │ fixed  │ 3.2.6             │ >= 3.3.9      │ rexml: REXML ReDoS vulnerability           │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-49761 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘
```

Would it be possible to fix?
