Description
vuelidate is a simple, lightweight model-based validation library for Vue.js 2.x & 3.0. A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker who is able to provide crafted input to the url(input) function may cause an application to consume an excessive amount of CPU.
Recommendation
Update the @vuelidate/validators package to the latest compatible version. Version details:
- Affected version(s): <= 2.0.0-alpha.21
- Patched version(s): 2.0.0-alpha.22
Related Issues
- Inefficient Regular Expression Complexity in validator.js - CVE-2021-3765
- string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
- Inefficient Regular Expression Complexity in handsontable - CVE-2021-23446
- Tags:
- npm
- @vuelidate/validators
Last updated on January 30, 2023