{"id":"CVE-2022-24373","details":"The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.","aliases":["GHSA-2j79-8pqc-r7x6"],"modified":"2026-04-10T04:46:08.601481Z","published":"2022-09-30T05:15:11.177Z","references":[{"type":"FIX","url":"https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa"},{"type":"FIX","url":"https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1"},{"type":"FIX","url":"https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507"},{"type":"FIX","url":"https://github.com/software-mansion/react-native-reanimated/pull/3382"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/software-mansion/react-native-reanimated","events":[{"introduced":"0"},{"fixed":"1b61196c1a5e2f05da533b6035c6663d0129bbc5"},{"fixed":"f310408c0fdb39b14c178dd1909bf9a82f8af657"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.10.0"}]}}],"versions":["1.0.0","1.0.0-alpha.10","1.0.0-alpha.3","1.0.0-alpha.5","1.0.0-alpha.9","1.0.1","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.5.0","1.6.0","1.7.0","1.7.1","1.8.0","2.0.0","2.0.0-alpha.3","2.0.0-alpha.4","2.0.0-alpha.5","2.0.0-alpha.6","2.0.0-alpha.7","2.0.0-alpha.8","2.0.0-alpha.9","2.0.0-alpha.9.1","2.0.0-rc.0","2.0.0-rc.1","2.0.0-rc.2","2.0.0-rc.3","2.0.1","2.1.0","2.2.0","2.3.0","2.3.0-alpha.1","2.3.0-alpha.2","2.3.0-alpha.3","2.3.0-beta.1","2.3.0-beta.2","2.3.0-beta.3","2.3.0-beta.4","2.3.1","2.4.0","2.4.1","2.6.0","2.7.0","2.8.0","2.9.0","3.0.0-rc.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24373.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}