10 matches found
EUVD-2021-1041
Malware in sbrugna...
@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)
express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: @myticketing/common =1.0.3, =1.0.5; @pavtickets/common =1.0.2. Source CVEs: CVE-2020-7767. Source advisory:...
GHSA-CF2X-RQC8-GRFQ Regular expression denial of service in express-validators
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
Regular Expression Denial Of Service (ReDoS)
express-validators is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker is able to crash the application via a malicious URL due to the insecure usage of regex to validate URLs...
CVE-2020-7767
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
Design/Logic Flaw
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
CVE-2020-7767 Regular Expression Denial of Service (ReDoS)
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
CVE-2020-7767
CVE-2020-7767 affects the npm package express-validators. All versions are reported vulnerable to a Regular Expression Denial of Service (ReDoS) when validating specially crafted invalid URLs. The root cause stems from the URL validation regex, where certain inputs trigger catastrophic backtrack...
@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)
express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: @myticketing/common =1.0.3, =1.0.5; @pavtickets/common =1.0.2. Source CVEs: CVE-2020-7767. Source advisory:...
Regular Expression Denial of Service (ReDoS)
Overview: express-validators is an Express framework JSON object (req) validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs. POC: var expressValidators = require("express-validators"); var Obj =...