CVE-2018-1107

Summary

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

Affected Software

VendorProductVersion RangeStatus
n/anodejs-is-my-json-validis-myjson-valid 2.17.2, is-myjson-valid 1.4.1affected

Weaknesses

  • CWE-400: CWE-400

ADP Enrichment

CVE Program Container

Additional References

References