CVE-2020-1920

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-1920

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1920.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1920

Aliases

GHSA-7f53-fmmv-mfjv

Published

2021-06-01T14:15:08.347Z

Modified

2025-12-05T10:03:46.472548Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

References

Affected packages

Git / github.com/facebook/react-native

Affected ranges

Type: GIT
Repo: https://github.com/facebook/react-native
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

787567a15014c73b87353b7d418c064c5643e7cc

Fixed

ca09ae82715e33c9ac77b3fa55495cf84ba891c7

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.23.0-rc

v0.3.0

v0.3.1

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.5.0-rc

v0.54.0-rc.2

v0.62.0

v0.62.0-rc.0

v0.62.0-rc.1

v0.62.0-rc.2

v0.62.0-rc.3

v0.62.0-rc.4

v0.62.0-rc.5

v0.62.1

v0.62.2

v0.64.0

v0.64.0-rc.0

v0.64.0-rc.1

v0.64.0-rc.2

v0.64.0-rc.3

v0.64.0-rc.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1920.json"

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "38648504482845758380890527369223853047",
                "237330615071155511770482017833663329878",
                "76753654515882591088767598865977268070"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1920-697b472b",
        "signature_type": "Line",
        "source": "https://github.com/facebook/react-native/commit/787567a15014c73b87353b7d418c064c5643e7cc",
        "target": {
            "file": "ReactAndroid/src/main/java/com/facebook/react/modules/systeminfo/ReactNativeVersion.java"
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "digest": {
            "line_hashes": [
                "181531448390723639034103199115214914710",
                "144467566250035608914775916386623595855",
                "110479464497664185125002398735225219149",
                "184865437213501378424942131855546629974"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1920-f75ef8f3",
        "signature_type": "Line",
        "source": "https://github.com/facebook/react-native/commit/787567a15014c73b87353b7d418c064c5643e7cc",
        "target": {
            "file": "ReactCommon/cxxreact/ReactNativeVersion.h"
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]