Regular Expression Denial of Service in djvalidator

Severity:: High

Description

All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.1.1

References

GHSA-v6wh-2wvh-c8x5
snyk.io
CVE-2020-7779
CWE-400
CAPEC-310
OWASP 2021-A6

Related Issues

Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
Regular Expression Denial of Service in papaparse - CVE-2020-36649
useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
Regular Expression Denial of Service (ReDoS) in lodash - lodash-es - CVE-2020-28500

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; djvalidator

Anything's wrong? Let us know Last updated on September 11, 2023