Open mend-bolt-for-github[bot] opened 2 years ago
More powerful alternative to Animated library for React Native.
Library home page: https://registry.npmjs.org/react-native-reanimated/-/react-native-reanimated-2.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - app-0.0.1.tgz (Root Library) - :x: **react-native-reanimated-2.2.0.tgz** (Vulnerable Library)
Found in HEAD commit: fb58f1e27d0cb59d5d7b00c9e41d86cc6468fc94
Found in base branch: main
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
Publish Date: 2022-09-30
URL: CVE-2022-24373
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-2j79-8pqc-r7x6
Release Date: 2022-09-30
Fix Resolution: react-native-reanimated - 2.10.0
Step up your Open Source Security Game with Mend here
CVE-2022-24373 - Medium Severity Vulnerability
More powerful alternative to Animated library for React Native.
Library home page: https://registry.npmjs.org/react-native-reanimated/-/react-native-reanimated-2.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - app-0.0.1.tgz (Root Library) - :x: **react-native-reanimated-2.2.0.tgz** (Vulnerable Library)
Found in HEAD commit: fb58f1e27d0cb59d5d7b00c9e41d86cc6468fc94
Found in base branch: main
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
Publish Date: 2022-09-30
URL: CVE-2022-24373
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-2j79-8pqc-r7x6
Release Date: 2022-09-30
Fix Resolution: react-native-reanimated - 2.10.0
Step up your Open Source Security Game with Mend here