Description

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.

Remediation

References

https://snyk.io/vuln/SNYK-JS-EXPRESSVALIDATORS-1017404

Related Vulnerabilities

CVE-2022-26049 Vulnerability in maven package com.diffplug.gradle:goomph

CVE-2022-25871 Vulnerability in npm package querymen

CVE-2022-24999 Vulnerability in maven package org.webjars:qs

CVE-2022-24740 Vulnerability in npm package @plone/volto

CVE-2021-43090 Vulnerability in maven package com.predic8:soa-model-parent

Severity

Critical

Classification

CWE-400

Tags

Exploit Third Party Advisory