The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a “regular expression denial of service (ReDoS).”
Impact
There is no impact; F5 products are not affected by this vulnerability.