Описание
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.59.0 (включая) до 0.64.1 (исключая)
cpe:2.3:a:facebook:react-native:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-1333
CWE-697
Связанные уязвимости
CVSS3: 7.5
github
больше 4 лет назад
Regular expression denial of service in react-native
EPSS
Процентиль: 43%
0.00208
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-1333
CWE-697