2 matches found
@2600hz/sds-react-native-components (>=0.1.0 <=1.8.1), @abdur-rakib/react-native-button (>=0.0.1 <=0.0.3) +624 more potentially affected by CVE-2020-1920 via react-native (>=0.63.0 <=0.64.0)
react-native NPM version =0.63.0, =0.1.0, =0.0.1, =0.1.0, =2.5.0, =0.0.1, =1.0.0, =1.0.1, =1.1.4, =1.0.0, =1.0.4, =1.0.3, =3.0.0, =1.2.1, =1.0.0, =1.0.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...
CVE-2020-1920
Summary of CVE-2020-1920 (CVE entry mode C) The issue is a ReDoS vulnerability in react-native's validateBaseUrl function . It affects react-native versions from 0.59.0 through 0.64.1 , where crafting a URL can cause the application to consume excessive resources, become unresponsive, or crash. T...