High severity7.5NVD Advisory· Published Feb 23, 2016· Updated Jun 17, 2026
CVE-2016-2537
CVE-2016-2537
Description
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
is-my-json-validnpm | < 2.12.4 | 2.12.4 |
Affected products
2- cpe:2.3:a:is_my_json_valid_project:is_my_json_valid:*:*:*:*:*:node.js:*:*Range: <=2.12.3
Patches
Vulnerability mechanics
References
10- github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9bnvdPatchWEB
- github.com/advisories/GHSA-f522-ffg8-j8r6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-2537ghsaADVISORY
- github.com/github/advisory-database/pull/4850ghsaWEB
- github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976ghsaWEB
- github.com/mafintosh/is-my-json-valid/pull/159ghsaWEB
- hackerone.com/reports/317548ghsaWEB
- www.npmjs.com/advisories/572ghsaWEB
- www.npmjs.com/advisories/76ghsaWEB
- nodesecurity.io/advisories/76nvd
News mentions
0No linked articles in our index yet.