CVE-2018-1107

State: PUBLISHED · Published: 2021-03-30 · Updated: 2024-08-05 · Assigner: redhat

Description

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

CWE

CWE-400 — CWE-400

Affected

n/a / nodejs-is-my-json-valid — v=is-myjson-valid 2.17.2, is-myjson-valid 1.4.1 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1546357 x_refsource_MISC
https://snyk.io/vuln/npm:is-my-json-valid:20180214 x_refsource_MISC

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1107.json