CVE-2020-1920

2021-06-0111:45:12

CWE-1333

facebook

www.cve.org

0.001 Low

EPSS

Percentile

43.1%

JSON

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

CNA Affected

[
  {
    "product": "react-native",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "0.64.1",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.59.0",
        "versionType": "custom"
      }
    ]
  }
]