CVE-2018-1107

Published: 16 Feb 2018
Source: redhat
CVSS3: 5.3

Description

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

Report

In Red Hat Quay, the is-my-json-valid library is included as a build-time dependency of protractor. It is only used at build time, not at runtime, reducing the impact to low.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | nodejs-is-my-json-valid | Not affected | | |
| Red Hat Mobile Application Platform 4 | nodejs-is-my-json-valid | Affected | | |
| Red Hat OpenShift Enterprise 3 | nodejs-is-my-json-valid | Not affected | | |
| Red Hat Software Collections | rh-nodejs6-nodejs-is-my-json-valid | Will not fix | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1546357 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
nvd
almost 5 years ago

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

CVSS3: 5.3
github
about 4 years ago

Regular expression denial of service (ReDoS) in is-my-json-valid

CVSS3: 5.3
fstec
almost 8 years ago

Vulnerability in the is-my-json-valid library of the Node.js software platform that allows an attacker to cause a denial of service
