High severityNVD Advisory· Published Sep 30, 2022· Updated May 20, 2025
Regular Expression Denial of Service (ReDoS)
CVE-2022-24373
Description
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
react-native-reanimatednpm | < 2.10.0 | 2.10.0 |
Affected products
2- react-native-reanimated/react-native-reanimateddescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-2j79-8pqc-r7x6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24373ghsaADVISORY
- github.com/software-mansion/react-native-reanimated/commit/8a927904366fa2d02df7a11553f8b0aa93471279ghsaWEB
- github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0ghsaWEB
- github.com/software-mansion/react-native-reanimated/pull/3382ghsax_refsource_MISCWEB
- github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432faghsax_refsource_MISCWEB
- github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1ghsax_refsource_MISCWEB
- security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.