NVD

Id
18742  
Name
CVE-2016-2537  
Description
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports["utc-millisec"] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2016-02-23  
Modified Date
2016-02-29  
Seq
2016-2537  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
103542 18742 CVE-2016-2537 https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b  View
103543 18742 CVE-2016-2537 https://nodesecurity.io/advisories/76  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
752 JVNDB-2016-001525 Node.js 用 is-my-json-valid パッケージにおけるサービス運用妨害 (DoS) の脆弱性 Node.js 用 is-my-json-valid パッケージは、不正な exports["utc-millisec"] 正規表現を持つため、サービス運用妨害 (イベントループのブロック) 状態にされる脆弱性が存在します。 CVE-2016-2537 89043 CVE-2016-2537 18742 5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001525.html 2016-01-18 2016-03-01 View