Never-ending Pumpkin Mulch
Severity: moderate

Regular Expression Denial of Service

is-my-json-valid

Overview

Versions of is-my-json-valid prior to 2.12.4 are affected by a regular expression denial of service vulnerability when user input is allowed into a utc-millisec validator.

Remediation

Update to version 2.12.4 or later.

Advisory timeline

  1. published

    Advisory published
    Jan 18th, 2016
  2. reported

    Jan 17th, 2016