CVE-2020-26309 HIGH

CVE-2020-26309: GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator

Vendor Ftonato
Product nope-validator
Weakness CWE-1333
Published October 26, 2024
Last update October 28, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green

What the vulnerability does

01Description

Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available.

Key dates

02Disclosure timeline

October 26, 2024 CVE published
October 28, 2024 Record updated