Description

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.

Remediation

References

https://snyk.io/vuln/SNYK-JS-EXPRESSVALIDATORS-1017404

Related Vulnerabilities

CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger

CVE-2020-15500 Vulnerability in npm package tileserver-gl

CVE-2021-32831 Vulnerability in npm package total.js

CVE-2017-16113 Vulnerability in npm package parsejson

CVE-2022-39218 Vulnerability in npm package @fastly/js-compute

Severity

Critical

Classification

CWE-400

Tags

Exploit Third Party Advisory