CVE-2016-2537

High

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote…

mitre·CWE-20·Published 2016-02-23

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

217 chars

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

NVDen

217 chars

OSV.deven

197 chars

Version of `is-my-json-valid` before 2.12.4 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. ## Recommendation Update to version 2.12.4 or later.

GHSAen

197 chars

Version of `is-my-json-valid` before 2.12.4 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. ## Recommendation Update to version 2.12.4 or later.

NVDes

271 chars

El paquete is-my-json-valid en versiones anteriores a 2.12.4 para Node.js tiene una expresión regular exports['utc-millisec'] incorrecta, lo que permite a atacantes remotos causar una denegación de servicio (bucle de eventos bloqueados) a través de una cadena manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H