Description
Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method.
Recommendation
Update the validator package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.22.1
- Patched version(s): 3.22.1
References
Related Issues
- Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths - CVE-2026-39320
- Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing - CVE-2024-1899
- es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` - CVE-2024-27088
- Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery - CVE-2026-30925
You might also like:
- Tags:
- npm
- validator
Anything's wrong? Let us know Last updated on January 09, 2023