SnykCVELIST:CVE-2022-24373CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
0.002 Low
EPSS
Percentile
54.8%
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
CNA Affected
[
{
"product": "react-native-reanimated",
"vendor": "n/a",
"versions": [
{
"lessThan": "3.0.0-rc.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
github.com/software-mansion/react-native-reanimated/pull/3382
github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
0.002 Low
EPSS
Percentile
54.8%