5 matches found
7niu-webpack-plugin (=0.1.0), @a-brands/backend (>=1.0.0 <=1.0.4) +1173 more potentially affected by CVE-2020-26302 via is_js (>=0.2.1 <=0.9.0)
isjs NPM version =0.2.1, =1.0.0, =0.4.0-alpha.1, =0.1.0-beta.15, =0.3.0-beta.18, =0.1.0-alpha.4d9cf8a2, =1.0.1, =0.1.0, =1.0.5, =1.0.0, =3.10.1, =3.13.2 and more Source cves: CVE-2020-26302 Source advisory: OSV:GHSA-PVRW-G6FX-MCX2...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
CVE-2020-26302
CVE-2020-26302 affects the is.js library. Versions ≤ 0.9.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via a URL-validation regex copied from a gist; under malicious input the regex can loop indefinitely. The issue is documented across multiple sources (e.g., GHSA- PVRW-G6FX-MC...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...