25 matches found
EUVD-2017-0222
Malware in sbrugna...
@hola.org/har-validator (=2.0.6-hola.1), @hola.org/request (>=2.67.0-hola.5 <=2.67.0-hola.6) +46 more potentially affected by CVE-2018-1107 via is-my-json-valid (>=2.10.1 <=2.17.1)
is-my-json-valid NPM version =2.10.1, =2.67.0-hola.5, =2.67.0-lum.3, =1.0.1, =1.2.0, =1.0.0, =0.4.0, =1.0.0, =0.4.1, =0.0.1, =0.0.10 - fsa-creator =0.1.1 - geojsonvalidator =0.0.1 and more Source cves: CVE-2018-1107 Source advisory: OSV:GHSA-4HPF-3WQ7-5RPR...
GHSA-4HPF-3WQ7-5RPR Regular expression denial of service (ReDoS) in is-my-json-valid
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
CVE-2018-1107
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
CVE-2018-1107
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
Npm is-my-json-valid resource management error vulnerability
Npm is-my-json-valid is an application from Npm in the United States. It is a JSONSchema validator that uses a code generation mechanism to validate very quickly. A resource management error vulnerability exists in is-my-json-valid, which stems from the use of an inefficient regular expression to validate a JSON field...
GHSA-4X7C-CX64-49W8 Regular Expression Denial of Service in is-my-json-valid
Withdrawn: Duplicate of GHSA-f522-ffg8-j8r6...
Regular Expression Denial of Service in is-my-json-valid
Withdrawn: Duplicate of GHSA-f522-ffg8-j8r6...
Regular Expression Denial Of Service (ReDoS)
is-my-json-valid is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists because it does not impose a maximum length on the string to be tested against the regular expression, and uses a regular expression that evaluates strings in exponential time...
Node.js third-party modules: [is-my-json-valid] ReDoS via 'style' format
I would like to report a ReDoS in is-my-json-valid. It allows causing a denial of service if the schema uses the built-in style format. Module module name: is-my-json-valid version: 2.20.1 npm page: https://www.npmjs.com/package/is-my-json-valid Module Description A JSONSchema validator that uses code...
Node.js third-party modules: Arbitrary code execution via untrusted schemas in is-my-json-valid
I would like to report an arbitrary code execution vulnerability in is-my-json-valid. It allows executing arbitrary code if an attacker-controlled schema is passed to is-my-json-valid. The module Readme doesn't say anything about the risks of untrusted schemas, so I by default assume that this i...
GHSA-CCQ6-3QX5-VMQX Moderate severity vulnerability that affects is-my-json-valid
Withdrawn, accidental duplicate publish. The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string...
Moderate severity vulnerability that affects is-my-json-valid
Withdrawn, accidental duplicate publish. The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string...
Regular Expression Denial of Service
Overview: Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 1.4.1, 2.17.2 or later. References - GitHub PR 159 - GitHub Commit b3051b2 - HackerOne Report - GitHub Advis...
Node.js third-party modules: Regular Expression Denial of Service (ReDoS)
The issue was already fixed. Module: is-my-json-valid Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression /^\S+@\S+$/ in order to validate emails. This can cause an impact of about 10 seconds matching time f...
Regular Expression Denial of Service in is-my-json-valid
Versions of is-my-json-valid before 2.12.4 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 2.12.4 or later...
mdfa (>=0.9.0 <=0.9.1), meadow (>=1.0.1 <=1.0.16) +2 more potentially affected by CVE-2016-2537 via is-my-json-valid (>=1.4.2 <=2.12.3)
is-my-json-valid NPM version =1.4.2, =0.9.0, =1.0.1, =1.3.0, =2.3.2 - tartare-logs =0.5.0 Source cves: CVE-2016-2537 Source advisory: OSV:GHSA-F522-FFG8-J8R6...
Fedora 22 : nodejs-is-my-json-valid-2.12.4-1.fc22 (2016-3441e9da2f)
Security fix for Regular expression DoS using utc-millisec format. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 23 : nodejs-is-my-json-valid-2.12.4-1.fc23 (2016-25ab518a58)
Security fix for Regular expression DoS using utc-millisec format. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2016-2537
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string...