A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

Affected Packages

npm react-native

Affected versions: 0.59.0 (fixed in 0.62.3)

npm react-native

Affected versions: 0.63.0 (fixed in 0.64.1)

Related CVEs

CVE-2020-1920

Key Information

GHSA ID

GHSA-7f53-fmmv-mfjv

Published

July 20, 2021 5:33 PM

Last Modified

June 10, 2021 2:10 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

react-native

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.