375.json
{
"id": 375,
"created_at": "2018-02-21",
"updated_at": "2018-02-21",
"title": "Regular Expression Denial of Service (ReDoS)",
"author": {
"name": "Jamie Davis",
"website": null,
"username": null
},
"module_name": "is-my-json-valid",
"publish_date": "2018-02-21",
"cves": [],
"vulnerable_versions": "<1.4.1 || >=2.0.0 <2.17.2",
"patched_versions": ">=1.4.1 <2.0.0 || >=2.17.2",
"overview": "is-my-json-valid is vulnerable to Regular Expression Denial of Service (ReDoS) via its email validation function: validating attacker-supplied input can consume excessive CPU time.",
"recommendation": "Update is-my-json-valid to 1.4.1 or higher on the 1.x line, or to 2.17.2 or higher on the 2.x line.",
"references": [
"https://hackerone.com/reports/317548",
"https://github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976",
"https://github.com/mafintosh/is-my-json-valid/pull/159"
],
"cvss_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cvss_score": 3.7,
"coordinating_vendor": "snyk.io"
}