CVE-2018-1107

Published: Mar 30, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

Affected (2)

Products: Is My Json Valid Project: Is My Json Valid

Is My Json Valid Project

1 product

Is My Json Valid

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Is My Json Valid Project Is My Json Valid	Before 1.4.1
Is My Json Valid Project Is My Json Valid	From 2.0.0 to 2.17.2

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1546357

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://snyk.io/vuln/npm:is-my-json-valid:20180214

Source: secalert@redhat.com

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1546357

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://snyk.io/vuln/npm:is-my-json-valid:20180214

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.