Lucene search
PRIOn knowledge basePRION:CVE-2022-24373HistorySep 30, 2022 - 5:15 a.m.
Design/Logic Flaw
2022-09-3005:15:00
PRIOn knowledge base
www.prio-n.com
3
vulnerability
react native
redos
colors.js
parser
0.002 Low
EPSS
Percentile
54.8%
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
| CPE | Name | Operator | Version |
|---|---|---|---|
| react_native_reanimated | lt | 2.10.0 |
References
github.com/software-mansion/react-native-reanimated/pull/3382
github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
Related
cvelist
cvelist
CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
2022-09-30 00:00:00
cve
cve
CVE-2022-24373
2022-09-30 05:15:11
nvd
nvd
CVE-2022-24373
2022-09-30 05:15:11
osv
osv
react-native-reanimated vulnerable to ReDoS
2022-10-01 00:00:24
CVE-2022-24373
2022-09-30 05:15:11
github
github
react-native-reanimated vulnerable to ReDoS
2022-10-01 00:00:24
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-10-03 10:02:12