QwikSec

Security Database

CVE

CWE

Training

CVE-2020-1920

Published: Jun 1, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

Vendor	Product	Versions
Facebook	react-native	unaffected `0.64.1 - < unspecified` affected `0.59.0 - < unspecified`

Weaknesses (CWE)

References

https://github.com/facebook/react-native/releases/tag/v0.64.1

x_refsource_CONFIRM

https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.