Regular Expression Denial of Service

Module: validator

Published: November 12th, 2014

Reported by: Karl Düüna

CVE-2014-8882

Vulnerable: <3.22.1
Patched: >=3.22.1

Overview

Versions of the validator module earlier than 3.22.1 are vulnerable to Regular Expression Denial of Service (ReDoS) in the isURL method.

Remediation

Update to version 3.22.1 or greater.
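
One way to confirm that no copy of validator below the patched version remains in a dependency tree, including copies nested under other packages. This is an added example, not code from the advisory or from the validator project; the function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: flag installs of validator older than the patched 3.22.1.
const PATCHED = [3, 22, 1]; // "Patched: >=3.22.1" in the advisory

// True when a concrete version string sorts before 3.22.1.
function isVulnerable(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return false; // git/tarball specs are not comparable: review by hand
  const nums = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== PATCHED[i]) return nums[i] < PATCHED[i];
  }
  return Boolean(m[4]); // a prerelease such as 3.22.1-rc.1 precedes 3.22.1
}

// Returns [{ path, version }] for every vulnerable copy, including nested ones.
function findVulnerableValidator(lock) {
  const hits = [];
  if (lock.packages) {
    // package-lock.json v2/v3: flat map keyed by install path
    for (const [path, pkg] of Object.entries(lock.packages)) {
      const isValidator = /(^|\/)node_modules\/validator$/.test(path);
      if (isValidator && isVulnerable(pkg.version)) hits.push({ path, version: pkg.version });
    }
    return hits;
  }
  // npm-shrinkwrap.json / package-lock.json v1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'validator' && isVulnerable(pkg.version)) {
        hits.push({ path: here.join(' > '), version: pkg.version });
      }
      walk(pkg.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from a real project).
const sampleShrinkwrap = { dependencies: {
  validator: { version: '3.22.1' },
  'form-helper': { version: '0.4.0', dependencies: { validator: { version: '3.19.0' } } },
} };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'example-app' },
  'node_modules/validator': { version: '3.22.0' },
  'node_modules/form-helper/node_modules/validator': { version: '13.0.0' },
} };
console.log(findVulnerableValidator(sampleShrinkwrap), findVulnerableValidator(sampleLockV3));
```

A top-level validator at 3.22.1 does not clear the tree: the first sample still reports the 3.19.0 copy pinned under another package.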
