Regular Expression Denial of Service in is-my-json-valid

high severity GitHub Reviewed Published Oct 24, 2017 • Updated Sep 9, 2021

Package

is-my-json-valid (npm)

Affected versions

>= 2.0.0, < 2.17.2
< 1.4.1

Patched versions

2.17.2
1.4.1

Description

Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.

Recommendation

Update to version 1.4.1, 2.17.2 or later.

References

CVE ID

CVE-2016-2537

CVSS Score

7.5 High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H