CVE-2020-1920

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

Denial of service

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

CVE-2020-1920

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

CVE-2020-1920

Summary of CVE-2020-1920 (CVE entry mode C) The issue is a ReDoS vulnerability in react-native's validateBaseUrl function . It affects react-native versions from 0.59.0 through 0.64.1 , where crafting a URL can cause the application to consume excessive resources, become unresponsive, or crash. T...

PT-2021-10305 · Facebook · React Native

Name of the Vulnerable Software and Affected Versions: react-native versions 0.59.0 through 0.64.1 Description: A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash...

React Native代码问题漏洞

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A code issue vulnerability exists in react-native version 0.59.0, which stems from a regular expression in the validateBaseUrl function that could cause an application to use too many...

Remote Code Execution (RCE)

matrix-react-sdk is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by accessing the local file preview when uploading a malicious file...

Credential leak in react-native-fast-image

Overview This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other...

Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

@agungkes/react-native-scalable-image (>=1.0.1 <=1.0.2), @applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0) +35 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=4.0.14 <=8.2.0)

react-native-fast-image NPM version =4.0.14, =1.0.1, =1.0.0, =1.0.0, =1.8.20, =1.0.21, =0.0.8, =0.0.8, =0.0.1, =0.0.1, =0.10.25, =1.0.113, =1.0.220 - inso-motorbike-liability =1.0.2 and more Source cves: CVE-2020-7696 Source advisory: OSV:GHSA-6XHG-Q9C8-RJ32...

GHSA-6XHG-Q9C8-RJ32 Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-32622 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-32622 Source advisory: OSV:GHSA-8796-GC9J-63RV...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

Design/Logic Flaw

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622 File upload local preview can run embedded scripts after user interaction

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

CVE-2021-32622 affects the Matrix-React-SDK (Matrix-React-SDK) prior to version 3.21.0. The vulnerability arises during file uploads: when a user previews an uploaded file, scripts embedded in the file can execute, but only for the local user and only after several user interactions to open the p...

Travis Ralston matrix-react-sdk 代码问题漏洞

Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. Used to insert the Matrix chat/voice client into a web page. A code issue vulnerability exists in Matrix-React-SDK that arises from an improperly designed or implemented code development process for a web system or...

Cross-Site Scripting

Overview react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. Recommendation Upgrade to version 1.14.6 or later References - CVE - GitHub Advisory...

@1studio/ui (>=1.0.7 <=2.83.0), @cloudacademy/integrations (>=0.0.2 <=0.0.15) +51 more potentially affected by CVE-2021-31712 via react-draft-wysiwyg (>=1.10.0 <=1.14.5)

react-draft-wysiwyg NPM version =1.10.0, =1.0.7, =0.0.2, =2.1.15, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.1.5, =0.8.6, =0.0.15, =2.1.19, =1.0.0, =0.10.5, =0.0.8, =0.2.5 and more Source cves: CVE-2021-31712 Source advisory: OSV:GHSA-QCG2-H349-VWM3...