CVE-2020-26308

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26308

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26308.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-26308

Aliases

GHSA-rv73-9c8w-jp4c

Published

2024-10-26T21:15:14.087Z

Modified

2025-11-20T11:22:58.333908Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

References

Affected packages

Git / github.com/ansman/validate.js

Affected ranges

Type: GIT
Repo: https://github.com/ansman/validate.js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

40e06a1bafd2ce61dba37779ee77e796ad397b81

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.10.0

0.11.0

0.11.1

0.12.0

0.13.1

0.2.0

0.3.0

0.3.1

0.3.2

0.4.0

0.5.0

0.6.0

0.6.1

0.7.0

0.7.1

0.8.0

0.9.0