CVE-2022-24373

React Native Reanimated is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the Colors.js parser. Affected versions are prior to 3.0.0-rc.1 (and, per multiple sources, prior to 2.10.0 as well). The root cause is the Colors.js parser’s reg...

CVE-2022-24373 Regular Expression Denial of Service (ReDoS)

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...

CVE-2022-24373 Regular Expression Denial of Service (ReDoS)

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...

react-native-reanimated 资源管理错误漏洞

react-native-reanimated is an open source reimplementation of an animation library for React Native by Software Mansion. A resource management error vulnerability exists in versions prior to react-native-reanimated 3.0.0-rc.1, which stems from the incorrect use of regular expressions by the...

PT-2022-16652 · Unknown +1 · React-Native-Reanimated +1

Name of the Vulnerable Software and Affected Versions: react-native-reanimated versions prior to 3.0.0-rc.1 react-native-reanimated versions prior to 2.10.0 Description: The issue is related to a Regular Expression Denial of Service ReDoS in the parser of Colors.js due to improper usage of regula...

Malicious Package

Overview experimental-entrevista-react-01 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...

Malicious Package

Overview migrate-ux-react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details IBM X-Force ID: 217312 DESCRIPTION: Node.js istanbul-reports module could allow a remote attacker to obtain sensitive information, caused by a reverse tabnabbin...

tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)

tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:GHSA-28M8-9J7V-X499...

Malicious Package

Overview hyrule-react-commons is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious Package

Overview @iamexperiences/react-auth is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious Package

Overview react-native-animated-fox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious Package

Overview react-native-aes-crypto-forked is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

Malicious Package

Overview fing-react-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Shopify: Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users

Private GitHub repositories of arbitrary Shopify Hydrogen users were accessible to attackers due to a vulnerability in the Hydrogen app. Attackers could query the GitHub account of any Hydrogen user and obtain sensitive information such as private repositories...

MAL-2022-5673 Malicious code in react-server-dom-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38bacfa115db90fd1da93cce7d4c6fd3d152db72097f0aea4c235e7bb27fe64d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-server-dom-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38bacfa115db90fd1da93cce7d4c6fd3d152db72097f0aea4c235e7bb27fe64d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Prototype Pollution

matrix-react-sdk is vulnerable to Denial Of Service DoS. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...

Code injection

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

CVE-2022-36046 Unexpected server crash in Next.js version 12.2.3

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...