CVE-2020-1920

Summary

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

Affected Software

VendorProductVersion RangeStatus
Facebookreact-native0.64.1 < unspecifiedunaffected
Facebookreact-native0.59.0 < unspecifiedaffected

Weaknesses

  • CWE-1333: CWE-1333: Inefficient Regular Expression Complexity

ADP Enrichment

CVE Program Container

Additional References

References