Lucene search
GoogleOSV:CVE-2021-21267HistoryMar 19, 2021 - 9:15 p.m.
CVE-2021-21267
2021-03-1921:15:12
Google
osv.dev
6
schema-inspector
js object
denial-of-service
email validation
vulnerability
version 2.0.0
regex
redos
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn’t vulnerable to ReDoS.
Related
nodejs
nodejs
Regular Expression Denial of Service
2021-03-19 20:19:12
osv
osv
Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:14:21
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-03-22 01:37:17
cve
cve
CVE-2021-21267
2021-03-19 21:15:12
prion
prion
Input validation
2021-03-19 21:15:00
nvd
nvd
CVE-2021-21267
2021-03-19 21:15:12
github
github
Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:14:21
cvelist
cvelist
CVE-2021-21267 Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:25:13