[MODGQL-143] Update validator from ^10.0.0 to ^13.7.0 fixing ReDoS (CVE-2021-3765) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: 1.9.0
Fix Version/s: 1.10.0
Labels:
- security

Template:
Development Team:
Thor

Description

validator < 13.7.0 is vulnerable to a ReDoS attack (Regular Expression Denial of Service caused by Inefficient Regular Expression Complexity): https://nvd.nist.gov/vuln/detail/CVE-2021-3765

mod-graphql requires z-schema@3.21.0 requires validator@^10.0.0.

TestRail: Results

Attachments

Activity

People

Assignee:: Mike Taylor

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Nov/21 10:51 PM

Updated:: 01/Dec/21 12:53 PM

Resolved:: 01/Dec/21 12:53 PM

Update validator from ^10.0.0 to ^13.7.0 fixing ReDoS (CVE-2021-3765)