Regarding validator@10.11.0 Vulnerability

SOLVED
AbdulSamad
New Member

Hi everyone,

I am using the latest version of Swagger-tools@0.10.4, and it has a vulnerability in one of its dependencies - validator@10.11.0

Details of the vulnerability -

validator @ 10.11.0 - Status: fixed in 13.6.0
validator package versions before 13.6.0 are vulnerable to ReDOS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.

Can we please have this vulnerability addressed and released with a new Swagger tools version?

Thanks,

Abdul Samad

1 ACCEPTED SOLUTION

Accepted Solutions
HKosova
Moderator

Re: Regarding validator@10.11.0 Vulnerability

Hi @AbdulSamad,

swagger-tools is not a SmartBear library, it's a third-party community project. Its GitHub repository is here:

https://github.com/apigee-127/swagger-tools

I suggest asking this question in the project's issue tracker.


Helen Kosova
SmartBear Documentation Team Lead
________________________
Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
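
For anyone triaging the same finding: an added example (not part of the original posts, and not swagger-tools or validator code) that scans a parsed package-lock.json for validator entries below the 13.6.0 fix version quoted in the question. The function names and the sample lockfile are constructed for illustration; the layout assumed is the `packages` map of lockfileVersion 2 or 3.

```javascript
// Added example: flag lockfile entries for validator older than the fixed release.
const FIXED = "13.6.0"; // fixed version quoted in the vulnerability details above

// Compare two plain x.y.z versions numerically; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a parsed package-lock.json.
// Keys are install paths such as "node_modules/a/node_modules/validator".
function findVulnerableValidator(lock, fixed = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/");
    const name = parts[parts.length - 1];
    if (name !== "validator" || !meta.version) continue;
    if (compareVersions(meta.version, fixed) < 0) {
      // A nested copy records which package it is installed under.
      const parent = parts.length > 2
        ? parts[parts.length - 2].replace(/\/$/, "")
        : "(hoisted to top level)";
      hits.push({ path, version: meta.version, parent });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-api", version: "1.0.0" },
    "node_modules/swagger-tools": { version: "0.10.4" },
    "node_modules/swagger-tools/node_modules/validator": { version: "10.11.0" },
    "node_modules/validator": { version: "13.6.0" },
  },
};

console.log(findVulnerableValidator(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's package-lock.json instead of `sampleLock`.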
