The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
References
Link | Resource |
---|---|
https://github.com/software-mansion/react-native-reanimated/pull/3382 | Exploit Patch Third Party Advisory |
https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa | Patch Third Party Advisory |
https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1 | Patch Release Notes Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-09-30T00:00:00
Updated: 2022-09-30T05:00:17
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-24373
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-30T05:15:11.177
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-24373
JSON object: View
Redhat Information
No data.
CWE