CVE-2020-26309: nope-validator Regular Expression Denial of Service vulnerability
Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1.
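To check a project against the version range stated above, the following added example (not code from the advisory or from the nope-validator project) classifies every `nope-validator` entry in an already-parsed `package-lock.json`. The sample lockfile and the `some-form-lib` package name are constructed, and versions between 0.11.3 and 0.12.1 are reported as `unlisted` because the advisory text does not cover them.

```javascript
// Classify nope-validator entries in a parsed package-lock.json (added example).
const PKG = 'nope-validator';
const LAST_AFFECTED = [0, 11, 3]; // advisory: 0.11.3 and prior
const FIRST_FIXED = [0, 12, 1];   // advisory: fixed in 0.12.1
// Parse "x.y.z" into [x, y, z]; any pre-release/build suffix is ignored. null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(version) {
  const v = parseVersion(version);
  if (!v) return 'unparsed';
  if (cmp(v, LAST_AFFECTED) <= 0) return 'affected';
  if (cmp(v, FIRST_FIXED) >= 0) return 'fixed';
  return 'unlisted'; // between the two bounds: the advisory text does not say
}

// Walk both layouts: flat "packages" (lockfileVersion 2/3) and nested "dependencies" (v1).
function findNope(lock) {
  const hits = [];
  const add = (where, meta) =>
    hits.push({ where, version: meta.version, status: classify(meta.version) });
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/' + PKG || path.endsWith('/node_modules/' + PKG)) add(path, meta);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === PKG) add(trail.concat(name).join(' > '), meta);
      walk(meta.dependencies, trail.concat(name));
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile, not from a real project; "some-form-lib" is hypothetical.
const sampleLock = {
  packages: {
    'node_modules/nope-validator': { version: '0.11.3' },
    'node_modules/some-form-lib/node_modules/nope-validator': { version: '0.12.1' },
  },
  dependencies: { 'some-form-lib': { version: '1.0.0', dependencies: { 'nope-validator': { version: '0.10.2' } } } },
};
console.log(findNope(sampleLock));
```

In a real project, pass `JSON.parse` of the lockfile contents to `findNope`; transitive copies nested under other packages are reported with their full path.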
References
- github.com/advisories/GHSA-3phv-83cj-p8p7
- github.com/ftonato/nope-validator
- github.com/ftonato/nope-validator/commit/4564b7444dcd92769e5c5b80420469c9f18b7a05
- github.com/ftonato/nope-validator/commit/c8af9f93abe8f4786f8f69d2b0518f8ca3652f44
- github.com/ftonato/nope-validator/issues/352
- nvd.nist.gov/vuln/detail/CVE-2020-26309
- securitylab.github.com/advisories/GHSL-2020-303-redos-nope-validator
Detect and mitigate CVE-2020-26309 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.