Validator · Validator · CVE-2025-12758
**Name of the Vulnerable Software and Affected Versions**
validator versions prior to 13.15.22
**Description**
The package validator, in versions prior to 13.15.22, contains an issue related to incomplete filtering of special elements within the `isLength()` function. Specifically, the function does not properly account for Unicode variation selectors (e.g., `\uFE0F`, `\uFE0E`) when calculating string length. This can result in the function accepting strings that are longer than expected, potentially leading to data truncation, buffer overflows, or denial-of-service conditions. The issue stems from improper string length calculation.
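The following added example (not code from the validator package or from this advisory) shows why a length count that discounts variation selectors disagrees with what is actually stored, and one independent size check for the storage layer. `lenientLength()` is an assumed model of the behaviour described above; every function name, limit and sample string is hypothetical or constructed.

```javascript
// Added example. lenientLength() is an assumed model of the counting described
// above, not code taken from the validator package; all names are hypothetical.
const SELECTORS = /[\uFE0E\uFE0F]/g;
const SURROGATE_PAIRS = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g;

// Counts "visible" characters: variation selectors are discounted entirely,
// so any number of them can be appended without raising the counted length.
function lenientLength(str) {
  const selectors = (str.match(SELECTORS) || []).length;
  const pairs = (str.match(SURROGATE_PAIRS) || []).length;
  return str.length - selectors - pairs;
}

// Defence in depth for the layer that stores the value: bound the code-point
// count and the UTF-8 byte size, both of which include every selector.
function checkStoredSize(str, { maxCodePoints, maxBytes }) {
  const codePoints = Array.from(str).length;
  const bytes = new TextEncoder().encode(str).length;
  const selectors = (str.match(SELECTORS) || []).length;
  const reasons = [];
  if (codePoints > maxCodePoints) reasons.push('code points over limit');
  if (bytes > maxBytes) reasons.push('UTF-8 bytes over limit');
  return { ok: reasons.length === 0, codePoints, bytes, selectors, reasons };
}

// Constructed sample inputs.
const samples = {
  plain: 'hello',
  emoji: '\u2764\uFE0F',                      // heart + one emoji-style selector
  padded: 'hello' + '\uFE0F'.repeat(100),     // five letters + 100 selectors
};

function report(limits) {
  const out = {};
  for (const [name, value] of Object.entries(samples)) {
    out[name] = {
      utf16Units: value.length,
      lenient: lenientLength(value),
      stored: checkStoredSize(value, limits),
    };
  }
  return out;
}

console.log(JSON.stringify(report({ maxCodePoints: 10, maxBytes: 40 }), null, 2));
```

The `padded` sample is counted as 5 by the lenient model while occupying 105 UTF-16 code units and 305 UTF-8 bytes, which is the gap a database column or fixed-size field downstream would see.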
**Recommendations**
Update to validator version 13.15.22 or later.