Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNTMtZm1tdi1tZmp2
Regular expression denial of service in react-native
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Permalink: https://github.com/advisories/GHSA-7f53-fmmv-mfjvJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNTMtZm1tdi1tZmp2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-7f53-fmmv-mfjv, CVE-2020-1920
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-1920
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
- https://github.com/facebook/react-native/releases/tag/v0.64.1
- https://www.npmjs.com/package/react-native
- https://github.com/facebook/react-native/releases/tag/v0.62.3
- https://securitylab.github.com/advisories/GHSL-2020-293-redos-react-native/
- https://github.com/advisories/GHSA-7f53-fmmv-mfjv
Blast Radius: 41.7
Affected Packages
npm:react-native
Dependent packages: 23,543Dependent repositories: 358,355
Downloads: 9,011,462 last month
Affected Version Ranges: >= 0.63.0, < 0.64.1, >= 0.59.0, < 0.62.3
Fixed in: 0.64.1, 0.62.3
All affected versions: 0.59.0, 0.59.1, 0.59.2, 0.59.3, 0.59.4, 0.59.5, 0.59.6, 0.59.7, 0.59.8, 0.59.9, 0.59.10, 0.60.0, 0.60.1, 0.60.2, 0.60.3, 0.60.4, 0.60.5, 0.60.6, 0.61.0, 0.61.1, 0.61.2, 0.61.3, 0.61.4, 0.61.5, 0.62.0, 0.62.1, 0.62.2, 0.63.0, 0.63.1, 0.63.2, 0.63.3, 0.63.4, 0.63.5, 0.64.0
All unaffected versions: 0.0.0, 0.0.5, 0.0.6, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.5.0, 0.6.0, 0.7.1, 0.8.0, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.23.1, 0.24.0, 0.24.1, 0.25.1, 0.26.0, 0.26.1, 0.26.2, 0.26.3, 0.27.0, 0.27.1, 0.27.2, 0.28.0, 0.29.0, 0.29.1, 0.29.2, 0.30.0, 0.31.0, 0.32.0, 0.32.1, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.35.0, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.39.2, 0.40.0, 0.41.0, 0.41.1, 0.41.2, 0.42.0, 0.42.2, 0.42.3, 0.43.0, 0.43.1, 0.43.2, 0.43.3, 0.43.4, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.45.0, 0.45.1, 0.46.0, 0.46.1, 0.46.2, 0.46.3, 0.46.4, 0.47.0, 0.47.1, 0.47.2, 0.48.0, 0.48.1, 0.48.2, 0.48.3, 0.48.4, 0.49.0, 0.49.1, 0.49.2, 0.49.3, 0.49.5, 0.50.0, 0.50.1, 0.50.2, 0.50.3, 0.50.4, 0.51.0, 0.51.1, 0.52.0, 0.52.1, 0.52.2, 0.52.3, 0.53.0, 0.53.2, 0.53.3, 0.54.0, 0.54.1, 0.54.2, 0.54.3, 0.54.4, 0.55.0, 0.55.1, 0.55.2, 0.55.3, 0.55.4, 0.56.0, 0.56.1, 0.57.0, 0.57.1, 0.57.2, 0.57.3, 0.57.4, 0.57.5, 0.57.6, 0.57.7, 0.57.8, 0.58.0, 0.58.1, 0.58.2, 0.58.3, 0.58.4, 0.58.5, 0.58.6, 0.62.3, 0.64.1, 0.64.2, 0.64.3, 0.64.4, 0.65.0, 0.65.1, 0.65.2, 0.65.3, 0.66.0, 0.66.1, 0.66.2, 0.66.3, 0.66.4, 0.66.5, 0.67.0, 0.67.1, 0.67.2, 0.67.3, 0.67.4, 0.67.5, 0.68.0, 0.68.1, 0.68.2, 0.68.3, 0.68.4, 0.68.5, 0.68.6, 0.68.7, 0.69.0, 0.69.1, 0.69.2, 0.69.3, 0.69.4, 0.69.5, 0.69.6, 0.69.7, 0.69.8, 0.69.9, 0.69.10, 0.69.11, 0.69.12, 0.70.0, 0.70.1, 0.70.2, 0.70.3, 0.70.4, 0.70.5, 0.70.6, 0.70.7, 0.70.8, 0.70.9, 0.70.10, 0.70.11, 0.70.12, 0.70.13, 0.70.14, 0.70.15, 0.71.0, 0.71.1, 0.71.2, 0.71.3, 0.71.4, 0.71.5, 0.71.6, 0.71.7, 0.71.8, 0.71.9, 0.71.10, 0.71.11, 0.71.12, 0.71.13, 0.71.14, 0.71.15, 0.71.16, 0.71.17, 0.71.18, 0.71.19, 0.72.0, 0.72.1, 0.72.2, 0.72.3, 0.72.4, 0.72.5, 0.72.6, 0.72.7, 0.72.8, 0.72.9, 0.72.10, 0.72.11, 0.72.12, 0.72.13, 0.72.14, 0.73.0, 0.73.1, 0.73.2, 0.73.3, 0.73.4, 0.73.5, 0.73.6, 0.73.7, 0.73.8, 0.74.0, 0.74.1, 1000.0.0