Описание
Inefficient Regular Expression Complexity in Validator.js
Impact
Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.
Patches
The problem has been patched in validator 13.7.0
Ссылки
- https://github.com/validatorjs/validator.js/security/advisories/GHSA-xx4c-jj58-r7x6
- https://nvd.nist.gov/vuln/detail/CVE-2021-3765
- https://github.com/validatorjs/validator.js/issues/1599
- https://github.com/validatorjs/validator.js/pull/1738
- https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9
Пакеты
Наименование
validator
npm
Затронутые версииВерсия исправления
>= 11.1.0, < 13.7.0
13.7.0
5.3 Medium
CVSS3
Дефекты
CWE-1333
5.3 Medium
CVSS3
Дефекты
CWE-1333