Description

All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

Remediation

References

https://snyk.io/vuln/SNYK-JS-DJVALIDATOR-1018709

Related Vulnerabilities

CVE-2021-32640 Vulnerability in npm package ws

CVE-2022-42890 Vulnerability in maven package org.apache.xmlgraphics:batik-script

CVE-2023-45885 Vulnerability in npm package openmct

CVE-2021-21640 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder

Severity

High

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory