CVE-2022-24373

Summary

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.

Affected Software

VendorProductVersion RangeStatus
n/areact-native-reanimatedunspecified < 3.0.0-rc.1affected

Weaknesses

  • Regular Expression Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References