CVE-2014-8882

Description

Versions of `validator` prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the `isURL` method. ## Recommendation Update to version 3.22.1 or later.

Affected packages (1)

• npm/validatorfrom 0, < 3.22.1

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-8882
• PATCHhttps://github.com/chriso/validator.js
• WEBhttps://github.com/chriso/validator.js/issues/152#issuecomment-48107184
• WEBhttps://snyk.io/vuln/npm:validator:20130705
• WEBhttps://www.npmjs.com/advisories/42