CVE-2020-26302

Name of the Vulnerable Software and Affected Versions is.js versions 0.9.0 and prior

Description is.js is a general-purpose check library that contains one or more regular expressions vulnerable to Regular Expression Denial of Service (ReDoS). The library uses a regex to validate URLs, which can cause it to loop "forever" when trying to validate a malicious string. This issue was identified using a CodeQL query that detects inefficient regular expressions.

Recommendations For versions 0.9.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.