High severityNVD Advisory· Published Oct 27, 2020· Updated Sep 17, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2020-7754
Description
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
npm-user-validatenpm | < 1.0.1 | 1.0.1 |
Affected products
4- npm-user-validate/npm-user-validatedescription
- ghsa-coords3 versions
< 1.0.1+ 2 more
- (no CPE)range: < 1.0.1
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-pw54-mh39-w3hcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7754ghsaADVISORY
- github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204eghsax_refsource_MISCWEB
- github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479pghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.