689 matches found
CVE-2022-24373
React Native Reanimated is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the Colors.js parser. Affected versions are prior to 3.0.0-rc.1 (and, per multiple sources, prior to 2.10.0 as well). The root cause is the Colors.js parser’s reg...
CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js...
react-native-reanimated resource management error vulnerability
react-native-reanimated is an open source reimplementation of an animation library for React Native by Software Mansion. A resource management error vulnerability exists in versions prior to react-native-reanimated 3.0.0-rc.1, which stems from the incorrect use of regular expressions by the...
PT-2022-16652 · Unknown +1 · React-Native-Reanimated +1
Name of the Vulnerable Software and Affected Versions: react-native-reanimated versions prior to 3.0.0-rc.1; react-native-reanimated versions prior to 2.10.0
Description: The issue is related to a Regular Expression Denial of Service (ReDoS) in the parser of Colors.js due to improper usage of regula...
Malicious Package
Overview: react-native-animated-fox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview: react-native-aes-crypto-forked is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
MAL-2022-5655 Malicious code in react-nati0e-vecor-icons (npm)
Source: ghsa-malware 2e0e350c78d225cd75ed5e2ca0291e0d192e6892797c1a7a61c762bfcb2fe39e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ractnative (npm)
Source: ghsa-malware 13712f2e5e0e0ef3e2f23f220a2abbdd495085a6b3091e14510129580b3aacff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: stripe-identity-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
@toggled-apps/react-native-collapsible-scroll (>=1.0.0 <=1.0.2), @toggled-apps/react-native-product-carousel (=1.0.3) +9 more potentially affected by CVE-2022-24373 via react-native-reanimated (>=2.0.0-rc.0 <=2.0.1)
react-native-reanimated NPM version =2.0.0-rc.0, =1.0.0, =1.0.0, =41.0.0, =41.0.0, =1.0.0, =1.1.0, =1.1.2 - ui-ux =0.0.1 Source cves: CVE-2022-24373 Source advisory: SNYK:JS-REACTNATIVEREANIMATED-2949507...
Regular Expression Denial of Service (ReDoS)
Overview: react-native-reanimated is a more powerful alternative to the Animated library for React Native. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. PoC js new...
react-native-url-preview (>=1.1.1 <=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=1.6.0 <=2.1.13)
link-preview-js NPM version =1.6.0, =1.1.1, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: OSV:GHSA-H9CW-7G8J-H66H...
Malicious Package
Overview: react-native-performance-monorepo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...
Malicious Package
Overview: @react-native-tscodegen/tslint-shared is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
react-native-url-preview (=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=2.0.4 <=2.1.13)
link-preview-js NPM version =2.0.4, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: SNYK:JS-LINKPREVIEWJS-2933520...
MAL-2022-555 Malicious code in @react-native-tscodegen/tslint-shared (npm)
Source: ghsa-malware 4e2920511a6030acb6748a13dce7281e827a19c4c2e46c876e98887d428d3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fantasy-android-react-native (npm)
Source: ghsa-malware 0cb3db34a20c520973803672a3bd3c37e25de973b52f16f86733814eb07a3810 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2966 Malicious code in fantasy-react-native (npm)
Source: ghsa-malware 8ad3855b3b7c4df575505453fa0698a7dff1eaf3c124a19e6995f2f66b19b8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...