CVE-2020-7754
Aliases: GHSA-pw54-mh39-w3hc
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 27 Oct 2020, 15:05
Last modified: 17 Sept 2024, 04:28
Vulnerability Summary
- Overall Risk (default): medium, 40/100
- CVSS Score: 7.5 HIGH, v3.1 (cve.org)
- EPSS Score: 1.8% LOW, 2% probability, +0.17%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 2 found
- Dark Web: Not detected
Timeline
- 27 Oct 2020, 15:05: Published (vulnerability first disclosed)
- 17 Sept 2024, 04:28: Last Modified (vulnerability information updated)
Description
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVSS Metrics
- v3.1 • HIGH • Score: 7.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 1.80% • Percentile: 83%
Affected Systems
- Npm • npm-user-validate < 1.0.1
- npmjs • npm-user-validate < 1.0.1
References (5)
- https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353
- https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p
- https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e
- https://nvd.nist.gov/vuln/detail/CVE-2020-7754