Lucene search
Veracode Vulnerability DatabaseVERACODE:29770HistoryMar 22, 2021 - 1:37 a.m.
Regular Expression Denial Of Service (ReDoS)
2021-03-2201:37:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
schema-inspector
redos
email validation
vulnerability
application crash
EPSS
0.007
Percentile
79.9%
schema-inspector is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through the email validation method where an input such as example@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. would result in large consumption of resources, leading to a freeze and application crash.
References
gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f
github.com/schema-inspector/schema-inspector/commit/49fa4b7f081880f1d741a164c663caa8e2c6d129
github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr
security.netapp.com/advisory/ntap-20210528-0006/
www.npmjs.com/package/schema-inspector
Related
cve
cve
CVE-2021-21267
2021-03-19 21:15:12
prion
prion
Input validation
2021-03-19 21:15:00
nvd
nvd
CVE-2021-21267
2021-03-19 21:15:12
github
github
Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:14:21
nodejs
nodejs
Regular Expression Denial of Service
2021-03-19 20:19:12
osv
osv
Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:14:21
CVE-2021-21267
2021-03-19 21:15:12
cvelist
cvelist
CVE-2021-21267 Regular Expression Denial-of-Service in npm schema-inspector
2021-03-19 20:25:13