Lucene search
Veracode Vulnerability DatabaseVERACODE:37392HistoryOct 03, 2022 - 10:02 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-10-0310:02:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
115
vulnerability remote attackers denial of service
0.002 Low
EPSS
Percentile
54.8%
react-native-reanimated is vulnerable to regular expression denial of service attacks. Improper usage of the regular expression in the parser of Colors.js allows remote attackers to cause denial of service conditions via a maliciously crafted input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| react-native-reanimated | le | 3.0.0-rc.0 | |
| react-native-reanimated | le | 3.0.0-rc.0 |
References
github.com/software-mansion/react-native-reanimated/commit/6bdaf240725ecf5447572140585c88e93be99e46
github.com/software-mansion/react-native-reanimated/pull/3382
github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
github.com/software-mansion/react-native-reanimated/pull/3419
github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
Related
cvelist
cvelist
CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
2022-09-30 00:00:00
cve
cve
CVE-2022-24373
2022-09-30 05:15:11
nvd
nvd
CVE-2022-24373
2022-09-30 05:15:11
prion
prion
Design/Logic Flaw
2022-09-30 05:15:00
osv
osv
CVE-2022-24373
2022-09-30 05:15:11
react-native-reanimated vulnerable to ReDoS
2022-10-01 00:00:24
github
github
react-native-reanimated vulnerable to ReDoS
2022-10-01 00:00:24