admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-21 17:40:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-24373.md

20 lines
965 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-24373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24373)
![](https://img.shields.io/static/v1?label=Product&message=react-native-reanimated&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.0.0-rc.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Regular%20Expression%20Denial%20of%20Service%20(ReDoS)&color=brighgreen)
### Description
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
### POC
#### Reference
- https://github.com/software-mansion/react-native-reanimated/pull/3382
- https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
- https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
#### Github
- https://github.com/karimhabush/cyberowl
Reference in New Issue Copy Permalink