Advisories for Npm/Express-Zod-Api package

2023

Zod denial of service vulnerability during email validation

Impact

API servers running express-zod-api are vulnerable to a denial-of-service (DoS) attack when both of the following hold: the express-zod-api version is below 10.0.0-beta1, and the implementation uses the validation schema z.string().email() (or a similar one). The cause is Inefficient Regular Expression Complexity in zod versions up to 3.22.2, on which express-zod-api depends.

Patches

The patched version of zod fixing the vulnerability is 3.22.3. However, it's highly recommended to upgrade express-zod-api to at least version 10.0.0, which does not …