Vulnerability Description
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| React-Native | >= 0.59.0, < 0.64.1 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf8PatchThird Party Advisory
- https://github.com/facebook/react-native/releases/tag/v0.64.1Release NotesThird Party Advisory
- https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf8PatchThird Party Advisory
- https://github.com/facebook/react-native/releases/tag/v0.64.1Release NotesThird Party Advisory
FAQ
What is CVE-2020-1920?
CVE-2020-1920 is a vulnerability with a CVSS score of 7.5 (HIGH). A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in...
How severe is CVE-2020-1920?
CVE-2020-1920 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1920?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook React-Native.