OpenCVE

validator.js is vulnerable to Inefficient Regular Expression Complexity

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift Data Foundation
Validator Project	Validator

Configuration 1 [-]

cpe:2.3:a:validator_project:validator:*:*:*:*:*:node.js:*:*

Package	CPE	Advisory	Released Date
RHODF-4.12-RHEL-8
odf4/mcg-core-rhel8:v4.12.10-2	cpe:/a:redhat:openshift_data_foundation:4.12::el8	RHSA-2023:7820	2023-12-14T00:00:00Z
RHODF-4.13-RHEL-9
odf4/mcg-core-rhel9:v4.13.0-41	cpe:/a:redhat:openshift_data_foundation:4.13::el9	RHSA-2023:3742	2023-06-21T00:00:00Z

References

Link	Providers
https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1
https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9
https://nvd.nist.gov/vuln/detail/CVE-2021-3765
https://www.cve.org/CVERecord?id=CVE-2021-3765

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2021-11-02T07:05:10

Updated: 2024-08-03T17:09:08.828Z

Reserved: 2021-09-03T00:00:00

Link: CVE-2021-3765

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-02T07:15:07.280

Modified: 2024-11-21T06:22:22.297

Link: CVE-2021-3765

Redhat

Severity : Moderate

Publid Date: 2021-11-02T00:00:00Z

Links: CVE-2021-3765 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "validatorjs/validator.js", "vendor": "validatorjs", "versions": [{"lessThan": "13.7.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-02T07:05:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"}], "source": {"advisory": "c37e975c-21a3-4c5f-9b57-04d63b28cfc9", "discovery": "EXTERNAL"}, "title": "Inefficient Regular Expression Complexity in validatorjs/validator.js", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3765", "STATE": "PUBLIC", "TITLE": "Inefficient Regular Expression Complexity in validatorjs/validator.js"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "validatorjs/validator.js", "version": {"version_data": [{"version_affected": "<", "version_value": "13.7.0"}]}}]}, "vendor_name": "validatorjs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1333 Inefficient Regular Expression Complexity"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"}, {"name": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1", "refsource": "MISC", "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"}]}, "source": {"advisory": "c37e975c-21a3-4c5f-9b57-04d63b28cfc9", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:08.828Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3765", "datePublished": "2021-11-02T07:05:10", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-03T17:09:08.828Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:validator_project:validator:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FE164340-06C4-486F-95C9-2AD5651EE909", "versionEndExcluding": "13.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity"}, {"lang": "es", "value": "validator.js es vulnerable a una Complejidad de Expresi\u00f3n Regular Ineficiente"}], "id": "CVE-2021-3765", "lastModified": "2024-11-21T06:22:22.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-02T07:15:07.280", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7820", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.12::el8", "package": "odf4/mcg-core-rhel8:v4.12.10-2", "product_name": "RHODF-4.12-RHEL-8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2023:3742", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package": "odf4/mcg-core-rhel9:v4.13.0-41", "product_name": "RHODF-4.13-RHEL-9", "release_date": "2023-06-21T00:00:00Z"}], "bugzilla": {"description": "validator: Inefficient Regular Expression Complexity in Validator.js", "id": "2126299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126299"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-1333", "details": ["validator.js is vulnerable to Inefficient Regular Expression Complexity", "A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability."], "name": "CVE-2021-3765", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "migration-toolkit-virtualization/mtv-ui-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/grc-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "validator", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "noobaa-core-container", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "validator", "product_name": "Red Hat Process Automation 7"}], "public_date": "2021-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3765\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3765\nhttps://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"], "threat_severity": "Moderate", "upstream_fix": "validator 13.7.0"}