validator 3.3.0

Direct Vulnerabilities

Known vulnerabilities in the validator package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Incomplete Filtering of One or More Instances of Special Elements validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the `isLength()` function that does not take into account Unicode variation selectors (`\uFE0F`, `\uFE0E`) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service. How to fix Incomplete Filtering of One or More Instances of Special Elements? Upgrade `validator` to version 13.15.22 or higher.	<13.15.22
M Improper Validation of Specified Type of Input validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the `isURL()` function which does not take into account `:` as the delimiter in browsers. An attackers can bypass protocol and domain validation by crafting URLs that exploit the discrepancy in protocol parsing that can lead to Cross-Site Scripting and Open Redirect attacks. How to fix Improper Validation of Specified Type of Input? Upgrade `validator` to version 13.15.20 or higher.	<13.15.20
M Regular Expression Denial of Service (ReDoS) validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `isSlug()` function. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `validator` to version 13.6.0 or higher.	<13.6.0
M Regular Expression Denial of Service (ReDoS) validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `isHSL` function. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `validator` to version 13.6.0 or higher.	<13.6.0
M Regular Expression Denial of Service (ReDoS) validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `isEmail` function. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `validator` to version 13.6.0 or higher.	<13.6.0
M Buffer Overflow `validator` is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Buffer Overflow. It used a regular expression (`/^(?:[A-Z0-9+\/]{4})*(?:[A-Z0-9+\/]{2}==\|[A-Z0-9+\/]{3}=\|[A-Z0-9+\/]{4})$/i`) in order to validate Base64 strings. How to fix Buffer Overflow? Upgrade `validator` to version 5.0.0 or higher.	<5.0.0
M Cross-site Scripting (XSS) `validator` is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in IE9 due to unescaped backticks. How to fix Cross-site Scripting (XSS)? Upgrade `validator` to version 3.35.0 or higher.	>=3.0.0 <3.34.0
H Regular Expression Denial of Service (ReDoS) `validator` is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression in order to validate URLs. How to fix Regular Expression Denial of Service (ReDoS)? Update to version 3.22.1 or greater.	>=0.1.0 <3.22.1

Vulnerability

Vulnerable Version

Incomplete Filtering of One or More Instances of Special Elements