Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14eDRjLWpqNTgtcjd4Ns0W8g
Inefficient Regular Expression Complexity in Validator.js
Impact
Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.
Patches
The problem has been patched in validator 13.7.0.
Permalink: https://github.com/advisories/GHSA-xx4c-jj58-r7x6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14eDRjLWpqNTgtcjd4Ns0W8g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-xx4c-jj58-r7x6
References:
- https://github.com/validatorjs/validator.js/security/advisories/GHSA-xx4c-jj58-r7x6
- https://nvd.nist.gov/vuln/detail/CVE-2021-3765
- https://github.com/validatorjs/validator.js/issues/1599
- https://github.com/validatorjs/validator.js/pull/1738
- https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9/
- https://github.com/advisories/GHSA-xx4c-jj58-r7x6
Blast Radius: 30.2
Affected Packages
npm:validator
Dependent packages: 5,570
Dependent repositories: 493,728
Downloads: 47,911,273 last month
Affected Version Ranges: >= 11.1.0, < 13.7.0
Fixed in: 13.7.0
All affected versions: 11.1.0, 12.0.0, 12.1.0, 12.2.0, 13.0.0, 13.1.0, 13.1.1, 13.1.17, 13.5.0, 13.5.1, 13.5.2, 13.6.0
All unaffected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.4.21, 0.4.22, 0.4.23, 0.4.24, 0.4.25, 0.4.27, 0.4.28, 0.5.0, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.5.0, 1.5.1, 2.0.0, 2.1.0, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.11.1, 3.11.2, 3.12.0, 3.13.0, 3.14.0, 3.14.1, 3.15.0, 3.16.0, 3.16.1, 3.17.0, 3.17.1, 3.17.2, 3.18.0, 3.18.1, 3.19.0, 3.19.1, 3.20.0, 3.21.0, 3.22.0, 3.22.1, 3.22.2, 3.23.0, 3.24.0, 3.25.0, 3.26.0, 3.27.0, 3.28.0, 3.29.0, 3.30.0, 3.32.0, 3.33.0, 3.34.0, 3.35.0, 3.36.0, 3.37.0, 3.38.0, 3.39.0, 3.40.0, 3.40.1, 3.41.0, 3.41.1, 3.41.2, 3.41.3, 3.42.0, 3.43.0, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.8.0, 4.9.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 7.0.0, 7.1.0, 7.2.0, 8.0.0, 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.4.0, 9.4.1, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.0, 10.7.1, 10.8.0, 10.9.0, 10.10.0, 10.11.0, 11.0.0, 13.7.0, 13.9.0, 13.11.0