CVE-2021-21267

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-21267

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21267.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-21267

Aliases

GHSA-f38p-c2gq-4pmr

Related

GHSA-f38p-c2gq-4pmr

Published

2021-03-19T21:15:12.417Z

Modified

2025-11-14T11:13:43.873013Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.

References

Affected packages

Git / github.com/atinux/schema-inspector

Affected ranges

Type: GIT
Repo: https://github.com/atinux/schema-inspector
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e02ea1f68a5db977c8f33a186011142f9d9239ea

Affected versions

1.*

1.7.0

v1.*

v1.4.6

v1.4.7

v1.4.8

v1.6.10

v1.6.7

v1.6.8

v1.6.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21267.json"