Description

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.

Remediation

References

https://snyk.io/vuln/SNYK-JS-EXPRESSVALIDATORS-1017404

Related Vulnerabilities

CVE-2022-3145 Vulnerability in npm package @okta/oidc-middleware

CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.12

CVE-2020-28442 Vulnerability in maven package org.webjars.npm:js-data

CVE-2023-41046 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

Severity

Medium

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Exploit Third Party Advisory