Vulnerabilities > CVE-2020-26302 - Unspecified vulnerability in Is.Js Project Is.Js

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

is-js-project

NVD

Published: 2022-12-22

Updated: 2023-11-07

Summary

is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Is.Js_Project Is.Js Project Is.Js 0.2.0 Is.Js Project Is.Js 0.2.1 Is.Js Project Is.Js 0.2.2 Is.Js Project Is.Js 0.2.3 Is.Js Project Is.Js 0.3.0 Is.Js Project Is.Js 0.3.1 Is.Js Project Is.Js 0.4.0 Is.Js Project Is.Js 0.4.1 Is.Js Project Is.Js 0.5.0 Is.Js Project Is.Js 0.5.1 Is.Js Project Is.Js 0.5.2 Is.Js Project Is.Js 0.6.0 Is.Js Project Is.Js 0.7.0 Is.Js Project Is.Js 0.7.1 Is.Js Project Is.Js 0.7.2 Is.Js Project Is.Js 0.7.3 Is.Js Project Is.Js 0.7.4 Is.Js Project Is.Js 0.7.5 Is.Js Project Is.Js 0.7.6 Is.Js Project Is.Js 0.8.0 Is.Js Project Is.Js 0.9.0	21

Summary

Vulnerable Configurations

References