Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Vulnerability "Inefficient Regular Expression Complexity in validator.js"

See original GitHub issue

Which service(blob, file, queue, table) does this issue concern?

Vulnerability is found in validator dependency

Which version of the SDK was used?

2.10.5

What’s the Node.js/Browser version?

6.14.6

What problem was encountered?

npm audit finds vulnerability “Inefficient Regular Expression Complexity in validator.js” https://github.com/advisories/GHSA-qgmg-gppg-76g5 vulnerability-info

Steps to reproduce the issue?

npm audit

Have you found a mitigation/solution?

PR https://github.com/Azure/azure-storage-node/pull/699 has been created by dependabot

Issue Analytics

State:
Created 2 years ago
Reactions:10
Comments:9

Top GitHub Comments

7reactions

EmmaZhucommented, Dec 8, 2021

Hi @DmitriyKirakosyan ,

We are preparing for the release, should be able to release it in the next week.

Thanks Emma

6reactions

boutellcommented, Nov 4, 2021

This is impacting our npm audits as well. Would love to see this merged and published. 🙏

Top Results From Across the Web

Inefficient Regular Expression Complexity in validator.js - GitHub

Inefficient Regular Expression Complexity in validator.js ... validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression ...

Inefficient Regular Expression Complexity in validatorjs ...

I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows cause a denial of service when ......

Inefficient Regular Expression Complexity in ... - Vulners

Description. validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. Affected Software. CPE Name, Name, Version ...

Vulnerability Details : CVE-2021-3765

CVE-2021-3765 : validator.js is vulnerable to Inefficient Regular Expression Complexity.

CWE-1333: Inefficient Regular Expression Complexity (4.9)

CWE-1333: Inefficient Regular Expression Complexity · The number of possible backtracking attempts are exponential relative to the length of the input. · The ......