VYPR

npm package

is-my-json-valid

pkg:npm/is-my-json-valid

Vulnerabilities (2)

  • CVE-2018-1107Mar 30, 2021
    affected >= 2.0.0, < 2.17.2fixed 2.17.2

    It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

  • CVE-2016-2537HigFeb 23, 2016
    affected < 2.12.4fixed 2.12.4

    The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.