Regular Expression Denial of Service in is-my-json-valid
High severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Oct 2, 2024
Description
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Oct 2, 2024
Version of
is-my-json-valid
before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.Recommendation
Update to version 1.4.1, 2.17.2 or later.
References