Regarding validator@10.11.0 Vulnerability

Question

Hi everyone,&nbsp;I am using latest version of Swagger-tools@0.10.4&nbsp;and its having a vulnerability in one of its dependency -&nbsp;validator@10.11.0&nbsp;Details of the vulnerability -validator @ 10.11.0 - Status: fixed in 13.6.0validator package versions before 13.6.0 are vulnerable to ReDOS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.&nbsp;Can we please have this vulnerability addressed and released with a new Swagger tools version.&nbsp;&nbsp;Thanks,Abdul Samad

hkosova · Accepted Answer

Hi&nbsp;AbdulSamad,
&nbsp;
swagger-tools is not a SmartBear library, it's a third-party community project. Its GitHub repository is here:
https://github.com/apigee-127/swagger-tools
&nbsp;
I suggest asking this question in the project's issue tracker.

Forum Discussion

Regarding validator@10.11.0 Vulnerability

Related Content

Log4J vulnerability

SoapUI 5.5.0 Log4j vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

Log4j Vulnerability - Swagger

log4j security vulnerability

Recent Discussions

Bootstrapped servlet returns empty JSON as of 2.2.24

Python 3.6 client support

I want to add variable in swagger like postman

Endpoint Expansion

Mixed-Type Arrays with java swagger-annotations 2.0.3.