Vulnerability Description
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Is-My-Json-Valid Project | Is-My-Json-Valid | < 1.4.1 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1546357 (Issue Tracking, Patch, Third Party Advisory)
- https://snyk.io/vuln/npm:is-my-json-valid:20180214 (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-1107?
CVE-2018-1107 is a vulnerability with a CVSS score of 5.3 (MEDIUM). It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it...
How severe is CVE-2018-1107?
CVE-2018-1107 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1107?
Check the references section above for vendor advisories and patch information. Affected products include Is-My-Json-Valid (vendor: Is-My-Json-Valid Project).