forked from valora-inc/wallet
-
Notifications
You must be signed in to change notification settings - Fork 1
/
yarn-audit-known-issues
1 lines (1 loc) · 1.16 KB
/
yarn-audit-known-issues
1
{"type":"auditAdvisory","data":{"resolution":{"id":1002565,"path":"@celo/mobile>react-native","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"0.63.4","paths":["@celo/mobile>react-native"]}],"metadata":null,"vulnerable_versions":">=0.63.0 <0.64.1","module_name":"react-native","severity":"high","github_advisory_id":"GHSA-7f53-fmmv-mfjv","cves":["CVE-2020-1920"],"access":"public","patched_versions":">=0.64.1","updated":"2021-07-20T17:33:11.000Z","recommendation":"Upgrade to version 0.64.1 or later","cwe":"CWE-400","found_by":null,"deleted":null,"id":1002565,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-1920\n- https://github.com/advisories/GHSA-7f53-fmmv-mfjv","created":"2021-10-07T07:31:50.531Z","reported_by":null,"title":"Regular expression denial of service in react-native","npm_advisory_id":null,"overview":"A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.","url":"https://github.com/advisories/GHSA-7f53-fmmv-mfjv"}}}