Regarding validator@10.11.0 Vulnerability

Question

Hi everyone,&nbsp;I am using latest version of Swagger-tools@0.10.4&nbsp;and its having a vulnerability in one of its dependency -&nbsp;validator@10.11.0&nbsp;Details of the vulnerability -validator @ 10.11.0 - Status: fixed in 13.6.0validator package versions before 13.6.0 are vulnerable to ReDOS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.&nbsp;Can we please have this vulnerability addressed and released with a new Swagger tools version.&nbsp;&nbsp;Thanks,Abdul Samad

hkosova · Accepted Answer

Hi&nbsp;AbdulSamad,
&nbsp;
swagger-tools is not a SmartBear library, it's a third-party community project. Its GitHub repository is here:
https://github.com/apigee-127/swagger-tools
&nbsp;
I suggest asking this question in the project's issue tracker.

Forum Discussion

Regarding validator@10.11.0 Vulnerability

1 Reply

Related Content

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

OpenJDK Multiple Vulnerabilities

SoapUI 5.5.0 Log4j vulnerability

Log4j Vulnerability - Swagger

Recent Discussions

ID_TOKEN as the header in the Google OAUTH2.0

How to hide an endpoint from openaopi 3.0

I can't see the "add item" button in swagger UI

Swagger Convertor Gateway Time-out

Authorization Tag For Basic BASE64 Encoding