CVE-2022-24373

Опубликовано: 30 сент. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.

Ссылки

https://github.com/software-mansion/react-native-reanimated/pull/3382
Exploit
Patch
Third Party Advisory
https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
Patch
Third Party Advisory
https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
Patch
Release Notes
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
Exploit
Patch
Third Party Advisory
https://github.com/software-mansion/react-native-reanimated/pull/3382
Exploit
Patch
Third Party Advisory
https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
Patch
Third Party Advisory
https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
Patch
Release Notes
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:swmansion:react_native_reanimated:*:*:*:*:*:*:*:*

Версия до 2.10.0 (исключая)

EPSS

Процентиль: 67%

0.00534

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333

Связанные уязвимости

GHSA-2j79-8pqc-r7x6

CVSS3: 7.5

github

больше 3 лет назад

react-native-reanimated vulnerable to ReDoS

EPSS

Процентиль: 67%

0.00534

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333