Regular Expression Denial of Service in is-my-json-valid

2017-10-2418:33:35

Google

osv.dev

0.004 Low

EPSS

Percentile

74.7%

JSON

Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.

Recommendation

Update to version 1.4.1, 2.17.2 or later.

CPENameOperatorVersion
is-my-json-validlt2.17.2
is-my-json-validlt1.4.1
is-my-json-validge2.0.0

Name	Operator	Version
is-my-json-valid	lt	2.17.2
is-my-json-valid	lt	1.4.1
is-my-json-valid	ge	2.0.0

References

github.com/advisories/GHSA-f522-ffg8-j8r6

github.com/mafintosh/is-my-json-valid

github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976

github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b

github.com/mafintosh/is-my-json-valid/pull/159

hackerone.com/reports/317548

nvd.nist.gov/vuln/detail/CVE-2016-2537

www.npmjs.com/advisories/572

www.npmjs.com/advisories/76

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for OSV:GHSA-F522-FFG8-J8R6