npm

Severity: moderate

Regular Expression Denial of Service

is-my-json-valid

Overview

Versions of is-my-json-valid prior to 2.12.4 are affected by a regular expression denial of service vulnerability when user input is allowed into a utc-millisec validator.

Remediation

Update to version 2.12.4 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jan 18th, 2016
  2. reported

    Initial report by Adam Baldwin
    Jan 17th, 2016