npm package
is-my-json-valid
pkg:npm/is-my-json-valid
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1107 | — | >= 2.0.0, < 2.17.2 | 2.17.2 | Mar 30, 2021 | It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. | ||
| CVE-2016-2537 | Hig | 7.5 | < 2.12.4 | 2.12.4 | Feb 23, 2016 | The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. |
- CVE-2018-1107Mar 30, 2021affected >= 2.0.0, < 2.17.2fixed 2.17.2
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
- affected < 2.12.4fixed 2.12.4
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.