{"containers": {"cna": {"affected": [{"product": "nodejs-is-my-json-valid", "vendor": "n/a", "versions": [{"status": "affected", "version": "is-myjson-valid 2.17.2, is-myjson-valid 1.4.1"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-30T01:48:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "nodejs-is-my-json-valid", "version": {"version_data": [{"version_value": "is-myjson-valid 2.17.2, is-myjson-valid 1.4.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, {"name": "https://snyk.io/vuln/npm:is-my-json-valid:20180214", "refsource": "MISC", "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.538Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1107", "datePublished": "2021-03-30T01:48:27", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:is-my-json-valid_project:is-my-json-valid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "67DFDA57-B2DF-49CD-A01A-129D1822C439", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:is-my-json-valid_project:is-my-json-valid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0A073C02-9957-4C9A-9E7F-153F3475729B", "versionEndExcluding": "2.17.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated."}, {"lang": "es", "value": "Se detect\u00f3 que la biblioteca de JavaScript is-my-json-valid usaba una expresi\u00f3n regular ineficiente para comprobar los campos JSON definidos para tener formato de correo electr\u00f3nico. Un archivo JSON especialmente dise\u00f1ado podr\u00eda hacer que consuma una cantidad excesiva de tiempo de CPU cuando se comprueba."}], "id": "CVE-2018-1107", "lastModified": "2024-11-21T03:59:11.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-30T02:15:14.593", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3917", "cpe": "cpe:/a:redhat:quay:3::el8", "impact": "low", "package": "quay/quay-rhel8:v3.6.0-62", "product_name": "Red Hat Quay 3", "release_date": "2021-10-19T00:00:00Z"}], "bugzilla": {"description": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format", "id": "1546357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.", "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated."], "name": "CVE-2018-1107", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs-is-my-json-valid", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Affected", "package_name": "nodejs-is-my-json-valid", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "nodejs-is-my-json-valid", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-nodejs6-nodejs-is-my-json-valid", "product_name": "Red Hat Software Collections"}], "public_date": "2018-02-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1107\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1107\nhttps://snyk.io/vuln/npm:is-my-json-valid:20180214"], "statement": "In Red Hat Quay the is-my-json-valid library is included as a build time dependency of protractor. It's only used at build time, not at runtime reducing the impact to low.", "threat_severity": "Moderate"}