CVE-2018-1107: Uncontrolled Resource Consumption

January 6, 2022

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

References

bugzilla.redhat.com/show_bug.cgi?id=1546357
github.com/advisories/GHSA-4hpf-3wq7-5rpr
github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976
github.com/mafintosh/is-my-json-valid/pull/159
nvd.nist.gov/vuln/detail/CVE-2018-1107
snyk.io/vuln/npm:is-my-json-valid:20180214

Detect and mitigate CVE-2018-1107 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →