Open mend-bolt-for-github[bot] opened 5 years ago
A JSONSchema validator that uses code generation to be extremely fast
Library home page: https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.17.1.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/is-my-json-valid/package.json
Dependency Hierarchy: - cli-1.6.1.tgz (Root Library) - node-sass-4.7.2.tgz - request-2.79.0.tgz - har-validator-2.0.6.tgz - :x: **is-my-json-valid-2.17.1.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.
Publish Date: 2018-04-21
URL: WS-2018-0069
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/572
Release Date: 2018-01-24
Fix Resolution: 1.4.1
Step up your Open Source Security Game with WhiteSource here
WS-2018-0069 - Low Severity Vulnerability
A JSONSchema validator that uses code generation to be extremely fast
Library home page: https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.17.1.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/is-my-json-valid/package.json
Dependency Hierarchy: - cli-1.6.1.tgz (Root Library) - node-sass-4.7.2.tgz - request-2.79.0.tgz - har-validator-2.0.6.tgz - :x: **is-my-json-valid-2.17.1.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.
Publish Date: 2018-04-21
URL: WS-2018-0069
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/572
Release Date: 2018-01-24
Fix Resolution: 1.4.1
Step up your Open Source Security Game with WhiteSource here