Inefficient Regular Expression Complexity in Validator.js (GHSA-xx4c-jj58-r7x6)

Description

Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.

Recommendation

Update the validator package to the latest compatible version. Followings are version details:

• Affected version(s): >= 11.1.0, < 13.7.0
• Patched version(s): 13.7.0

References

• GHSA-xx4c-jj58-r7x6
• huntr.dev
• CWE-1333

Related Issues

• string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
• Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
• debug Inefficient Regular Expression Complexity vulnerability - CVE-2017-20165
• Inefficient Regular Expression Complexity in marked (GHSA-5v2h-r2cx-5xgj) - CVE-2022-21681

Tags:

npm

validator