{"id":"CVE-2020-1920","details":"A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.","aliases":["GHSA-7f53-fmmv-mfjv"],"modified":"2026-04-12T08:03:56.027297Z","published":"2021-06-01T14:15:08.347Z","references":[{"type":"ADVISORY","url":"https://github.com/facebook/react-native/releases/tag/v0.64.1"},{"type":"FIX","url":"https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/react-native","events":[{"introduced":"7c73f2bb5a0f97902f469bc043681e79e161aac3"},{"fixed":"787567a15014c73b87353b7d418c064c5643e7cc"},{"fixed":"ca09ae82715e33c9ac77b3fa55495cf84ba891c7"}],"database_specific":{"versions":[{"introduced":"0.59.0"},{"fixed":"0.64.1"}]}}],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"ReactAndroid/src/main/java/com/facebook/react/modules/systeminfo/ReactNativeVersion.java"},"signature_type":"Line","id":"CVE-2020-1920-697b472b","source":"https://github.com/facebook/react-native/commit/787567a15014c73b87353b7d418c064c5643e7cc","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["38648504482845758380890527369223853047","237330615071155511770482017833663329878","76753654515882591088767598865977268070"]}},{"deprecated":false,"target":{"file":"ReactCommon/cxxreact/ReactNativeVersion.h"},"signature_type":"Line","id":"CVE-2020-1920-f75ef8f3","source":"https://github.com/facebook/react-native/commit/787567a15014c73b87353b7d418c064c5643e7cc","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["181531448390723639034103199115214914710","144467566250035608914775916386623595855","110479464497664185125002398735225219149","184865437213501378424942131855546629974"]}}],"vanir_signatures_modified":"2026-04-12T08:03:56Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1920.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}