Description
Vuelidate is a simple, lightweight model-based validation library for Vue.js 2.x and 3.0. A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker who is able to provide crafted input to the url(input) function may cause an application to consume an excessive amount of CPU.
Recommendation
Update the @vuelidate/validators package to the latest compatible version. The version details are as follows:
- Affected version(s): <= 2.0.0-alpha.21
- Patched version(s): 2.0.0-alpha.22
Tags: npm, @vuelidate/validators
Last updated on January 30, 2023