Skip to content

Inefficient Regular Expression Complexity in Validator.js

Moderate
profnandaa published GHSA-xx4c-jj58-r7x6 Nov 7, 2021

Package

npm validator (npm)

Affected versions

>= 11.1.0 <= 13.6.0

Patched versions

13.7.0

Description

Impact

Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.

Patches

The problem has been patched in validator 13.7.0

References

For more information

If you have any questions or comments about this advisory:

Severity

Moderate
5.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE ID

CVE-2021-3765

Weaknesses

Credits