Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2020-0180
Good to know:
Date: October 16, 2020
The package npm-user-validate prior to version 1.0.1 is vulnerable to REDoS. The regex that validates a user's email took exponentially longer to process input strings that begin with the '@' character.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Incorrect Regular Expression
CWE-185Top Fix
Upgrade Version
Upgrade to version NodeJSAndNpm - no_fix;z3/t3build-node - 1.0.11;nodejs - 14.15.4;nodejs - 12.22.6;SystemExt.Languages.Node.runtime.win-x86 - no_fix;MIDIator.WebClient - 1.0.105;Nodejs.Redist.x64 - no_fix;Nodejs.Redist.x64 - 7.7.3.1;SystemExt.Languages.Node.runtime.win-x64 - no_fix;Tools.Npm - no_fix;NpmLess - no_fix;SystemExt.Languages.Node.runtime.linux-x64 - no_fix;NoNpm - no_fix;genenotebook - 0.1.2;Npm-Shift - no_fix;Ncapsulate.Node - no_fix;NC.Frontend.Env - no_fix;Triarc.Web.Build - 1.3.0;SystemExt.Languages.Node.runtime.linux-arm - no_fix;jquery - 3.4.0;Npm - no_fix;Node-Kit - no_fix;Ncapsulate.Node.Shadow - no_fix;Portable.Npm - no_fix;npm-user-validate - 1.0.1;NodeBin - no_fix;Betclic.BuildTools.Node - no_fix;Npm3 - no_fix;Npm.js - no_fix;SystemExt.Languages.Node.runtime.osx-x64 - no_fix;SystemExt.Languages.Node.runtime.linux-arm64 - no_fix;org.webjars:npm:4.0.2;org.webjars:npm:4.4.4;org.webjars:npm:no_fix;org.webjars:npm:5.0.0-1;org.webjars.bower:npm:no_fix;org.webjars.npm:npm-user-validate:1.0.1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |