1968034 – (CVE-2020-1920) CVE-2020-1920 react-native: Regular expression denial of service in validateBaseUrl function

Bug 1968034 (CVE-2020-1920) - CVE-2020-1920 react-native: Regular expression denial of service in validateBaseUrl function

Summary: CVE-2020-1920 react-native: Regular expression denial of service in validateB...

Keywords:
Status:	NEW
Alias:	CVE-2020-1920
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1968564
Blocks:	1968035
TreeView+	depends on / blocked

Reported:	2021-06-04 18:31 UTC by Pedro Sampaio
Modified:	2023-07-07 08:33 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-06-04 18:31:21 UTC

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

References:

https://github.com/facebook/react-native/releases/tag/v0.64.1
https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7

Note You need to log in before you can comment on or make changes to this bug.