Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR
email-existence Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-p27h-4cpf-fw48, CVE-2018-25049
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-25049
- https://github.com/nmanousos/email-existence/pull/37
- https://github.com/nmanousos/email-existence/commit/0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56
- https://vuldb.com/?ctiid.216854
- https://vuldb.com/?id.216854
- https://github.com/advisories/GHSA-p27h-4cpf-fw48
Blast Radius: 17.7
Affected Packages
npm:email-existence
Dependent packages: 10Dependent repositories: 231
Downloads: 8,173 last month
Affected Version Ranges: <= 0.1.6
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6