All the vulnerabilites related to ftonato - nope-validator
cve-2020-26309
Vulnerability from cvelistv5
Published
2024-10-26 20:26
Modified
2024-10-28 14:18
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green
Summary
GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator
References
https://securitylab.github.com/advisories/GHSL-2020-303-redos-nope-validator/
https://github.com/ftonato/nope-validator/issues/352
Impacted products
ftonatonope-validator
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ftonato:nope-validator:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nope-validator",
            "vendor": "ftonato",
            "versions": [
              {
                "lessThanOrEqual": "0.11.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-26309",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T14:16:00.043101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T14:18:10.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "nope-validator",
          "repo": "https://github.com/ftonato/nope-validator",
          "vendor": "ftonato",
          "versions": [
            {
              "lessThanOrEqual": "0.11.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eValidate.js provides a declarative way of validating javascript objects.\u003c/span\u003e Versions 0.11.3 and prior\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtain one or more regular expressions that are vulnerable to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRegular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-26T20:26:28.746Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://securitylab.github.com/advisories/GHSL-2020-303-redos-nope-validator/"
        },
        {
          "url": "https://github.com/ftonato/nope-validator/issues/352"
        }
      ],
      "source": {
        "advisory": "GHSL-2020-303",
        "discovery": "UNKNOWN"
      },
      "title": "GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26309",
    "datePublished": "2024-10-26T20:26:28.746Z",
    "dateReserved": "2020-10-01T00:00:00.000Z",
    "dateUpdated": "2024-10-28T14:18:10.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}