CVE-2020-1920
N/A
N/A
Summary
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| react-native | 0.64.1 < unspecified | unaffected | |
| react-native | 0.59.0 < unspecified | affected |
Weaknesses
- CWE-1333: CWE-1333: Inefficient Regular Expression Complexity
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/facebook/react-native/releases/tag/v0.64.1
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
References
- https://github.com/facebook/react-native/releases/tag/v0.64.1
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.