Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Joyent Node.js is-my-json-valid 拒绝服务漏洞
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。is-my-json-valid是其中的一个JSONSchema(描述JSON数据格式)验证包。 Joyent Node.js is-my-json-valid 2.12.4之前版本中存在安全漏洞,该漏洞源于程序不正确地输出(使用utc-millisec格式)正则表达式。远程攻击者可借助特制的字符串利用该漏洞造成拒绝服务(限制事件循环)。
CVSS Information
N/A
Vulnerability Type
N/A