Regular Expression Denial of Service in is-my-json-valid
High severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Package
Affected versions
>= 2.0.0, < 2.17.2
< 1.4.1
Patched versions
2.17.2
1.4.1
Description
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Apr 11, 2023
Version of
is-my-json-valid
before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.Recommendation
Update to version 1.4.1, 2.17.2 or later.
References