CVE-2022-24373

EUVD-2022-6990
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
snykCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
swmansionreact_native_reanimated
𝑥
< 2.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/software-mansion/react-native-reanimated/pull/3382
https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
https://github.com/software-mansion/react-native-reanimated/pull/3382
https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507