Vulnerability Details CVE-2020-1920
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
- https://github.com/facebook/react-native/releases/tag/v0.64.1
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
- https://github.com/facebook/react-native/releases/tag/v0.64.1
Products affected by CVE-2020-1920
-
cpe:2.3:a:facebook:react-native:0.59.0
-
cpe:2.3:a:facebook:react-native:0.59.1
-
cpe:2.3:a:facebook:react-native:0.59.10
-
cpe:2.3:a:facebook:react-native:0.59.2
-
cpe:2.3:a:facebook:react-native:0.59.3
-
cpe:2.3:a:facebook:react-native:0.59.4
-
cpe:2.3:a:facebook:react-native:0.59.5
-
cpe:2.3:a:facebook:react-native:0.59.8
-
cpe:2.3:a:facebook:react-native:0.59.9
-
cpe:2.3:a:facebook:react-native:0.60.0
-
cpe:2.3:a:facebook:react-native:0.60.1
-
cpe:2.3:a:facebook:react-native:0.60.2
-
cpe:2.3:a:facebook:react-native:0.60.3
-
cpe:2.3:a:facebook:react-native:0.60.4
-
cpe:2.3:a:facebook:react-native:0.60.5
-
cpe:2.3:a:facebook:react-native:0.60.6
-
cpe:2.3:a:facebook:react-native:0.61.0
-
cpe:2.3:a:facebook:react-native:0.61.1
-
cpe:2.3:a:facebook:react-native:0.61.2
-
cpe:2.3:a:facebook:react-native:0.61.3
-
cpe:2.3:a:facebook:react-native:0.61.4
-
cpe:2.3:a:facebook:react-native:0.61.5
-
cpe:2.3:a:facebook:react-native:0.62.0
-
cpe:2.3:a:facebook:react-native:0.62.1
-
cpe:2.3:a:facebook:react-native:0.62.2
-
cpe:2.3:a:facebook:react-native:0.62.3
-
cpe:2.3:a:facebook:react-native:0.63.0
-
cpe:2.3:a:facebook:react-native:0.63.1
-
cpe:2.3:a:facebook:react-native:0.63.2
-
cpe:2.3:a:facebook:react-native:0.63.3
-
cpe:2.3:a:facebook:react-native:0.63.4
-
cpe:2.3:a:facebook:react-native:0.64.0