Forum Discussion

AbdulSamad
New Member
4 years ago

Regarding validator@10.11.0 Vulnerability

Hi everyone,

I am using the latest version of Swagger-tools@0.10.4 and it has a vulnerability in one of its dependencies - validator@10.11.0

Details of the vulnerability -

validator @ 10.11.0 - Status: fixed in 13.6.0
validator package versions before 13.6.0 are vulnerable to ReDOS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.

Can we please have this vulnerability addressed and released with a new Swagger tools version?

Thanks,

Abdul Samad
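
To confirm which installed copies of validator fall below the fixed version quoted in the post above (13.6.0), the following added example (not part of the original post and not swagger-tools code) scans a parsed `package-lock.json` in the lockfileVersion 2/3 layout. The lockfile contents, the project name `demo-api` and the function names are constructed for illustration.

```javascript
// Added example: flag every resolved copy of validator older than 13.6.0
// in a package-lock.json structure. FIXED_IN comes from the advisory text
// quoted in the post; the lockfile below is constructed sample data.
const FIXED_IN = "13.6.0";

// Compare two plain x.y.z versions numerically (pre-release tags ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// lockfileVersion 2/3 lists every installed copy under "packages", keyed by
// its node_modules path, so nested (transitive) copies are visible too.
function findVulnerable(lock, name = "validator", fixedIn = FIXED_IN) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTarget =
      path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (isTarget && meta.version && compareVersions(meta.version, fixedIn) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-api", dependencies: { "swagger-tools": "0.10.4", validator: "^13.6.0" } },
    "node_modules/swagger-tools": { version: "0.10.4" },
    "node_modules/swagger-tools/node_modules/validator": { version: "10.11.0" },
    "node_modules/validator": { version: "13.6.0" },
    "node_modules/is-my-validator": { version: "1.0.0" },
  },
};

for (const hit of findVulnerable(sampleLock)) {
  console.log(`${hit.path} -> validator@${hit.version} (< ${FIXED_IN})`);
}
```

On a real project, pass the object obtained by parsing the project's own `package-lock.json` to `findVulnerable` instead of `sampleLock`.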