CVE-2020-1920

State: PUBLISHED · Published: 2021-06-01 · Updated: 2024-08-04 · Assigner: facebook

Description

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

CWE

CWE-1333 — CWE-1333: Inefficient Regular Expression Complexity

Affected

Facebook / react-native — v=0.64.1 <unspecified [unaffected]; v=0.59.0 <unspecified [affected]

CVSS

(none)

References

https://github.com/facebook/react-native/releases/tag/v0.64.1 x_refsource_CONFIRM
https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7 x_refsource_MISC

Source

cvelistV5-main/cves/2020/1xxx/CVE-2020-1920.json