react-native-reanimated is vulnerable to regular expression denial of service attacks. Improper usage of the regular expression in the parser of Colors.js
allows remote attackers to cause denial of service conditions via a maliciously crafted input.
CPE | Name | Operator | Version |
---|---|---|---|
react-native-reanimated | le | 3.0.0-rc.0 | |
react-native-reanimated | le | 3.0.0-rc.0 |
github.com/software-mansion/react-native-reanimated/commit/6bdaf240725ecf5447572140585c88e93be99e46
github.com/software-mansion/react-native-reanimated/pull/3382
github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
github.com/software-mansion/react-native-reanimated/pull/3419
github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1