CVE-2016-2537: Regular Expression Denial of Service in is-my-json-valid
(updated )
Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.
References
- github.com/advisories/GHSA-f522-ffg8-j8r6
- github.com/github/advisory-database/pull/4850
- github.com/mafintosh/is-my-json-valid
- github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976
- github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b
- github.com/mafintosh/is-my-json-valid/pull/159
- hackerone.com/reports/317548
- nvd.nist.gov/vuln/detail/CVE-2016-2537
- www.npmjs.com/advisories/572
- www.npmjs.com/advisories/76
Detect and mitigate CVE-2016-2537 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →