A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
CVE-2020-1920 - High Severity Vulnerability
Vulnerable Library - react-native-0.59.9.tgz
A framework for building native apps using React
Library home page: https://registry.npmjs.org/react-native/-/react-native-0.59.9.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/react-native/package.json
Dependency Hierarchy: - :x: **react-native-0.59.9.tgz** (Vulnerable Library)
Vulnerability Details
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Publish Date: 2021-06-01
URL: CVE-2020-1920
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1920
Release Date: 2021-06-01
Fix Resolution: 0.62.3
Step up your Open Source Security Game with Mend here