GHSA-ccq6-3qx5-vmqx – is-my-json-valid

Package

Manager: npm
Name: is-my-json-valid
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Moderate severity vulnerability that affects is-my-json-valid Withdrawn, accidental duplicate publish. The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

Metadata

Created: 2018-07-31T22:54:14Z
Modified: 2020-06-16T21:33:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-ccq6-3qx5-vmqx/GHSA-ccq6-3qx5-vmqx.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0