Описание
Improper Input Validation in is-email
is-email helps validate an email address. A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.
Пакеты
Наименование
is-email
npm
Затронутые версииВерсия исправления
< 1.0.1
1.0.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 4 лет назад
A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU.