Lucene search
SnykCVELIST:CVE-2020-7767HistoryNov 11, 2020 - 10:20 a.m.
CVE-2020-7767 Regular Expression Denial of Service (ReDoS)
2020-11-1110:20:21
snyk
www.cve.org
1
cve-2020-7767
regular expression denial of service
express-validators
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
42.0%
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
CNA Affected
[
{
"product": "express-validators",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
osv
osv
Regular expression deinal of service in express-validators
2021-05-10 19:16:27
cve
cve
CVE-2020-7767
2020-11-11 11:15:10
github
github
Regular expression deinal of service in express-validators
2021-05-10 19:16:27
nvd
nvd
CVE-2020-7767
2020-11-11 11:15:10
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2020-11-12 02:06:37
prion
prion
Design/Logic Flaw
2020-11-11 11:15:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
42.0%
Related for CVELIST:CVE-2020-7767