GHSA-ccq6-3qx5-vmqx

Опубликовано: 31 июл. 2018

Источник: github

Github: Прошло ревью

Описание

Moderate severity vulnerability that affects is-my-json-valid

Withdrawn, accidental duplicate publish.

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2016-2537
https://github.com/advisories/GHSA-ccq6-3qx5-vmqx

Пакеты

Наименование

is-my-json-valid

npm

Затронутые версииВерсия исправления

<= 2.12.3

2.12.4