Azure/azure-storage-node

Vulnerability "Inefficient Regular Expression Complexity in validator.js"

georgii-sirotkin opened this issue · 9 comments

Which service(blob, file, queue, table) does this issue concern?

Vulnerability is found in validator dependency

Which version of the SDK was used?

2.10.5

What's the Node.js/Browser version?

6.14.6

What problem was encountered?

npm audit finds vulnerability "Inefficient Regular Expression Complexity in validator.js" GHSA-qgmg-gppg-76g5

Steps to reproduce the issue?

npm audit

Have you found a mitigation/solution?

PR #699 has been created by dependabot

This is impacting our npm audits as well. Would love to see this merged and published. 🙏

Another vulnerability - Regular Expression Denial of Service is also detected in validator 13.6.0 and is fixed in 13.7.0.
https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600

Would love to see this published.

Checking up on this since the PR #699 was created 2 weeks ago. Would also like to see this merged and published.

please merge this, thanks a lot.

please merge this, thanks a lot.

Hi @EmmaZhu, thank you for merging the PR. Could you please share information on when the new version of the package will be released?

Hi @DmitriyKirakosyan,

We are preparing for the release and should be able to release it in the next week.

Thanks
Emma

We published azure-storage@2.10.6 to upgrade to validator 13.7.0 to address this issue.

Thanks
Emma
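
To confirm after upgrading that no copy of validator older than the fixed 13.7.0 remains in a dependency tree, one option is to scan the lockfile directly. The following is an added example, not part of the thread or of the azure-storage project; the function names and the sample lockfile are constructed for illustration, and the sample's nesting is an assumption, not a statement about what azure-storage 2.10.5 actually ships.

```javascript
// Added example: list validator copies in a lockfile that predate the fix.
const FIXED = [13, 7, 0]; // validator release the thread names as fixed

// True when "x.y.z" (any suffix ignored) sorts below the floor.
function isBelow(version, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // git/tarball spec or missing version: flag for manual review
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false;
}

// Every installed copy of `name`, as { path, version }.
function findCopies(lock, name) {
  const found = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested tree
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

function vulnerableCopies(lock) {
  return findCopies(lock, 'validator').filter((c) => isBelow(c.version, FIXED));
}

// Constructed sample (lockfileVersion 2 shape), not taken from a real project.
const SAMPLE = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app' },
  'node_modules/azure-storage': { version: '2.10.5' },
  'node_modules/azure-storage/node_modules/validator': { version: '13.6.0' },
  'node_modules/validator': { version: '13.7.0' },
} };

console.log(vulnerableCopies(SAMPLE));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `vulnerableCopies`; an empty result means every installed validator copy is at or above 13.7.0.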