For every bounty won throughout May 2021, huntr will donate half towards Indian COVID relief.
react-dev-utils includes some utilities used by Create React App.
The function getProcessForPort in react-dev-utils is vulnerable to command injection.
Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created.
var getProcessForPort = require('react-dev-utils/getProcessForPort');