Lucene search
SnykCVELIST:CVE-2020-7754HistoryOct 27, 2020 - 12:00 a.m.
CVE-2020-7754 Regular Expression Denial of Service (ReDoS)
2020-10-2700:00:00
snyk
www.cve.org
8
denial of service
regular expression
npm-user-validate
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.5
Confidence
High
EPSS
0.004
Percentile
72.6%
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CNA Affected
[
{
"product": "npm-user-validate",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nodejs
nodejs
Regular Expression Denial of Service
2021-05-10 19:17:47
ibm
ibm
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754)
2021-02-04 10:55:41
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Node.js
2023-05-17 20:51:25
Security Bulletin: Cloud Pak for Security contains security vulnerabilities
2021-05-13 21:45:28
redhatcve
redhatcve
CVE-2020-7754
2020-10-28 18:56:14
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2020-10-19 04:34:38
osv
osv
CVE-2020-7754
2020-10-27 15:15:13
Regular expression denial of service in npm-user-validate
2021-05-10 19:08:15
Regular Expression Denial of Service in npm-user-validate
2020-10-16 18:56:26
github
github
Regular expression denial of service in npm-user-validate
2021-05-10 19:08:15
cve
cve
CVE-2020-7754
2020-10-27 15:15:13
prion
prion
Input validation
2020-10-27 15:15:00
nvd
nvd
CVE-2020-7754
2020-10-27 15:15:13
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
nessus
nessus
Oracle Linux 8 : nodejs:12 (ELSA-2021-0549)
2021-02-19 00:00:00
RHEL 7 : rh-nodejs12-nodejs (RHSA-2021:0485)
2022-09-15 00:00:00
Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)
2023-11-06 00:00:00
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
redhat
redhat
(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
(RHSA-2021:0421) Moderate: rh-nodejs14-nodejs security update
2021-02-04 16:46:24
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
rocky
rocky
nodejs:12 security update
2021-02-16 07:34:29
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:10 security update
2021-02-16 07:34:15
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.5
Confidence
High
EPSS
0.004
Percentile
72.6%
Related for CVELIST:CVE-2020-7754