GHSA-3phv-83cj-p8p7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3phv-83cj-p8p7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-3phv-83cj-p8p7/GHSA-3phv-83cj-p8p7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3phv-83cj-p8p7
- Aliases
-
- CVE-2020-26309
- Published
- 2024-10-26T21:30:46Z
- Modified
- 2024-10-28T15:14:51.880327Z
- Severity
-
- 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green CVSS Calculator
- Summary
- nope-validator Regular Expression Denial of Service vulnerability
- Details
-
Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1.
- Database specific
{ "github_reviewed_at": "2024-10-28T14:56:39Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2024-10-26T21:15:14Z", "cwe_ids": [ "CWE-1333" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-26309
- https://github.com/ftonato/nope-validator/issues/352
- https://github.com/ftonato/nope-validator/commit/4564b7444dcd92769e5c5b80420469c9f18b7a05#diff-9c399c46fa266bcf2be2704fbb369181726959e148e95ab548a32ef9ca9e7d47R1
- https://github.com/ftonato/nope-validator/commit/c8af9f93abe8f4786f8f69d2b0518f8ca3652f44
- https://github.com/ftonato/nope-validator
- https://securitylab.github.com/advisories/GHSL-2020-303-redos-nope-validator
Affected packages
npm / nope-validator
Package
- Name
- nope-validator
- View open source insights on deps.dev
- Purl
- pkg:npm/nope-validator