PT-2016-5193 · Unknown · Is-My-Json-Valid

Published

2016-02-23

Updated

2018-07-31

CVE-2016-2537

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions is-my-json-valid versions prior to 2.17.2 is-my-json-valid versions prior to 1.4.1

Description The issue is related to an incorrect regular expression in the is-my-json-valid package, which can cause a denial of service (blocked event loop) via a crafted string. This can be exploited by remote attackers. The vulnerability is also described as a regular expression denial of service (ReDoS) via the email validation function.

Recommendations Update to version 1.4.1 or later. Update to version 2.17.2 or later.

Fix

RCE

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-1333

Related Identifiers

CVE-2016-2537

GHSA-CCQ6-3QX5-VMQX

GHSA-F522-FFG8-J8R6

Affected Products

Is-My-Json-Valid

PT-2016-5193 · Unknown · Is-My-Json-Valid

CVE-2016-2537

Weakness Enumeration

Related Identifiers

Affected Products

References · 15