Inefficient Regular Expression Complexity in validator.js

Description

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity

Recommendation

Update the validator package to the latest compatible version. Followings are version details:

• Affected version(s): < 13.7.0
• Patched version(s): 13.7.0

References

• GHSA-qgmg-gppg-76g5
• huntr.dev
• CVE-2021-3765
• CWE-1333
• CAPEC-310
• OWASP 2021-A6

Related Issues

• axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
• string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
• Inefficient Regular Expression Complexity in handsontable - CVE-2021-23446
• Inefficient Regular Expression Complexity in vuelidate - CVE-2021-3794

Tags:

npm

validator