Regarding validator@10.11.0 Vulnerability

AbdulSamad
New Member

Hi everyone,

 

I am using the latest version of Swagger-tools@0.10.4 and it has a vulnerability in one of its dependencies - validator@10.11.0

 

Details of the vulnerability -

validator @ 10.11.0 - Status: fixed in 13.6.0
validator package versions before 13.6.0 are vulnerable to ReDoS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.

 

Can we please have this vulnerability addressed and released with a new Swagger tools version?

 

 

Thanks,

Abdul Samad

1 REPLY 1
HKosova
SmartBear Alumni (Retired)

Hi @AbdulSamad,

 

swagger-tools is not a SmartBear library, it's a third-party community project. Its GitHub repository is here:

https://github.com/apigee-127/swagger-tools

 

I suggest asking this question in the project's issue tracker.


Helen Kosova
SmartBear Documentation Team Lead
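
For readers triaging the same finding, an added example (not from either poster, nor from the swagger-tools or validator projects): a Node.js script that walks an npm lockfile and reports each installed copy of validator older than 13.6.0, together with the packages whose dependency resolves to that copy. The lockfile excerpt and its version ranges are constructed for illustration.

```javascript
// Added example: flag validator installs older than the fixed release in an
// npm lockfile ("packages" layout, lockfileVersion 2 or 3).
const FIXED = '13.6.0'; // fixed version as stated in the advisory text above

// Numeric x.y.z comparison; pre-release tags are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Node-style resolution: the dependent's own node_modules first, then upward.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

function findVulnerableValidator(lock, fixed = FIXED) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    const isValidator = path === 'node_modules/validator' || path.endsWith('/node_modules/validator');
    if (!isValidator || !meta.version || !lessThan(meta.version, fixed)) continue;
    // Every package whose declared validator dependency resolves to this copy.
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => m.dependencies && m.dependencies.validator && resolve(packages, p, 'validator') === path)
      .map(([p, m]) => `${p.split('node_modules/').pop() || '(root)'}@${m.version}`);
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}

// Constructed lockfile excerpt; the dependency ranges are illustrative only.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { version: '1.0.0', dependencies: { 'swagger-tools': '0.10.4', validator: '^13.6.0' } },
  'node_modules/swagger-tools': { version: '0.10.4', dependencies: { validator: '^10.0.0' } },
  'node_modules/swagger-tools/node_modules/validator': { version: '10.11.0' },
  'node_modules/validator': { version: '13.7.0' },
} };

console.log(JSON.stringify(findVulnerableValidator(sampleLock), null, 2));
```

In the sample, the top-level validator 13.7.0 is not reported; only the nested 10.11.0 copy under swagger-tools is, which is why upgrading the application's own validator dependency does not clear the finding.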