CVE-2021-3765 (High) detected in validator-13.6.0.tgz
Closed this issue · 2 comments
mend-bolt-for-github commented
CVE-2021-3765 - High Severity Vulnerability
Vulnerable Library - validator-13.6.0.tgz
String validation and sanitization
Library home page: https://registry.npmjs.org/validator/-/validator-13.6.0.tgz
Path to dependency file: dadbot/package.json
Path to vulnerable library: dadbot/node_modules/validator/package.json
Dependency Hierarchy:
- sequelize-6.6.5.tgz (Root Library)
- ❌ validator-13.6.0.tgz (Vulnerable Library)
Found in HEAD commit: 4ca66cab220b9f3015c1fc39acd7203329b63088
Vulnerability Details
validator.js is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-11-02
URL: CVE-2021-3765
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-qgmg-gppg-76g5
Release Date: 2021-11-02
Fix Resolution: validator - 13.7.0
Step up your Open Source Security Game with WhiteSource here
WaviestBalloon commented
I believe this should be closed
AlekEagle commented
ill take care of it later