EUVD-2021-1041

Malware in sbrugna...

GHSA-CF2X-RQC8-GRFQ Regular expression deinal of service in express-validators

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)

express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2 Source cves: CVE-2020-7767 Source advisory:...

Regular Expression Denial Of Service (ReDoS)

express-validators is vulnerable to Regular Expression Denial of Service ReDoS. An attacker is able to crash the application via a malicious URL due to the insecure usage of regex to validate URLs...

CVE-2020-7767

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

Design/Logic Flaw

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

CVE-2020-7767 Regular Expression Denial of Service (ReDoS)

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

CVE-2020-7767

CVE-2020-7767 affects the npm package express-validators . All versions are reported vulnerable to a Regular Expression Denial of Service (ReDoS) when validating specially crafted invalid URLs. The root cause stems from the URL validation regex, where certain inputs trigger catastrophic backtrack...

Regular Expression Denial of Service (ReDoS)

Overview express-validators is an Express framework json objectreq validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls. POC: var expressValidators = require"express-validators"; var Obj =...

@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)

express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2 Source cves: CVE-2020-7767 Source advisory:...