CVE-2018-1107

{"id": "CVE-2018-1107", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-03-30T02:15:14.593", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214", "tags": ["Exploit", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated."}, {"lang": "es", "value": "Se detect\u00f3 que la biblioteca de JavaScript is-my-json-valid usaba una expresi\u00f3n regular ineficiente para comprobar los campos JSON definidos para tener formato de correo electr\u00f3nico. Un archivo JSON especialmente dise\u00f1ado podr\u00eda hacer que consuma una cantidad excesiva de tiempo de CPU cuando se comprueba."}], "lastModified": "2024-11-21T03:59:11.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:is-my-json-valid_project:is-my-json-valid:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "67DFDA57-B2DF-49CD-A01A-129D1822C439", "versionEndExcluding": "1.4.1"}, {"criteria": "cpe:2.3:a:is-my-json-valid_project:is-my-json-valid:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "0A073C02-9957-4C9A-9E7F-153F3475729B", "versionEndExcluding": "2.17.2", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}