3 matches found
CVE-2021-3765
CVE-2021-3765 (validator.js) is described in the provided materials as a regular expression denial of service (ReDoS) vulnerability. The technical detail mentioned is a vulnerability in validator.js related to inefficient regular expression complexity, specifically a ReDoS condition triggered by ...
CVE-2025-12758
CVE-2025-12758—Validator.js isLength() Unicode variation selector bypass . Multiple IBM advisories reference affected product lines (e.g., IBM App Connect Enterprise, QRadar) where validator versions earlier than 13.15.22 are vulnerable due to incomplete filtering of Unicode variation selectors i...
CVE-2025-56200
CVE-2025-56200 : Validator.js contains a URL validation bypass through version 13.15.15. The isURL() function splits on '://', but browsers use ':'; this allows crafting URLs that bypass protocol/domain checks and may enable XSS or open redirects. Connected sources indicate a fix is available in ...