5 matches found
@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)
express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2 Source cves: CVE-2020-7767 Source advisory:...
CVE-2020-7767
All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...
CVE-2020-7767 Regular Expression Denial of Service (ReDoS)
All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...
CVE-2020-7767
CVE-2020-7767 affects the npm package express-validators . All versions are reported vulnerable to a Regular Expression Denial of Service (ReDoS) when validating specially crafted invalid URLs. The root cause stems from the URL validation regex, where certain inputs trigger catastrophic backtrack...
@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)
express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2 Source cves: CVE-2020-7767 Source advisory:...