Description
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity
Recommendation
Update the validator package to the latest compatible version. Followings are version details:
- Affected version(s): < 13.7.0
- Patched version(s): 13.7.0
References
Related Issues
- undici Denial of Service attack via bad certificate data - CVE-2025-47279
- Marvin Attack of RSA and RSAOAEP decryption in jsrsasign - CVE-2024-21484
- Feathers socket handler allows abusing implicit toString - CVE-2023-37899
- is_js vulnerable to Regular Expression Denial of Service - CVE-2020-26302
- Tags:
- npm
- validator
Anything's wrong? Let us know Last updated on November 29, 2023