CVE-2020-7767

Name of the Vulnerable Software and Affected Versions express-validators versions all

Description The issue concerns a Regular Expression Denial of Service (ReDoS) that occurs when validating specifically-crafted invalid URLs. This can happen in all versions of the express-validators package.

Recommendations For express-validators versions all, consider disabling the URL validation function until a patch is available to prevent potential ReDoS attacks. Restrict access to the validation module to minimize the risk of exploitation. Avoid using the express-validators package for URL validation until the issue is resolved.