CVE-2020-26308: validate.js Regular Expression Denial of Service vulnerability

October 26, 2024 (updated October 28, 2024)

Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

References

github.com/advisories/GHSA-rv73-9c8w-jp4c
github.com/ansman/validate.js
github.com/ansman/validate.js/issues/342
nvd.nist.gov/vuln/detail/CVE-2020-26308
securitylab.github.com/advisories/GHSL-2020-302-redos-validate.js

Detect and mitigate CVE-2020-26308 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →