GoogleOSV:GHSA-2J79-8PQC-R7X6react-native-reanimated vulnerable to ReDoS
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
54.8%
The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
| CPE | Name | Operator | Version |
|---|---|---|---|
| react-native-reanimated | lt | 2.10.0 |
References
github.com/software-mansion/react-native-reanimated
github.com/software-mansion/react-native-reanimated/commit/8a927904366fa2d02df7a11553f8b0aa93471279
github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0
github.com/software-mansion/react-native-reanimated/pull/3382
github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
nvd.nist.gov/vuln/detail/CVE-2022-24373
security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
54.8%