Lucene search
GoogleOSV:GHSA-F522-FFG8-J8R6HistoryOct 24, 2017 - 6:33 p.m.
Regular Expression Denial of Service in is-my-json-valid
2017-10-2418:33:35
Google
osv.dev
12
EPSS
0.004
Percentile
74.7%
Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.
Recommendation
Update to version 1.4.1, 2.17.2 or later.
References
github.com/advisories/GHSA-f522-ffg8-j8r6
github.com/mafintosh/is-my-json-valid
github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976
github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b
github.com/mafintosh/is-my-json-valid/pull/159
hackerone.com/reports/317548
nvd.nist.gov/vuln/detail/CVE-2016-2537
www.npmjs.com/advisories/572
www.npmjs.com/advisories/76
Related
nodejs
nodejs
Regular Expression Denial of Service
2016-01-17 21:04:10
nvd
nvd
CVE-2016-2537
2016-02-23 05:59:01
github
github
Regular Expression Denial of Service in is-my-json-valid
2017-10-24 18:33:35
cvelist
cvelist
CVE-2016-2537
2016-02-23 02:00:00
prion
prion
Design/Logic Flaw
2016-02-23 05:59:00
cve
cve
CVE-2016-2537
2016-02-23 05:59:01
ibm
ibm