Lucene search

[email protected]NVD:CVE-2022-24373

HistorySep 30, 2022 - 5:15 a.m.

CVE-2022-24373

2022-09-3005:15:11

CWE-1333

[email protected]

web.nvd.nist.gov

react native

vulnerability

colors.js

regular expression denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

54.8%

JSON

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.

Affected configurations

NVD

Node

swmansionreact_native_reanimatedRange<2.10.0

References

github.com/software-mansion/react-native-reanimated/pull/3382

github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa

github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1

security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for NVD:CVE-2022-24373

cvelist1 cve1 osv2 github1 veracode1 prion1