{"id":"GHSA-vvf2-ppj9-pp49","summary":"Inefficient Regular Expression Complexity in vuelidate","details":"vuelidate is a simple, lightweight model-based validation for Vue.js 2.x & 3.0. A ReDoS (regular expression denial of service) flaw was found in the `@vuelidate/validators` package. An attacker that is able to provide crafted input to the url(input) function may cause an application to consume an excessive amount of CPU.","aliases":["CVE-2021-3794"],"modified":"2023-11-01T04:55:56.564763Z","published":"2021-09-20T20:42:06Z","database_specific":{"cwe_ids":["CWE-1333","CWE-400","CWE-697"],"github_reviewed":true,"severity":"HIGH","nvd_published_at":"2021-09-15T13:15:00Z","github_reviewed_at":"2021-09-16T17:15:49Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3794"},{"type":"WEB","url":"https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"},{"type":"PACKAGE","url":"https://github.com/vuelidate/vuelidate"},{"type":"WEB","url":"https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7"}],"affected":[{"package":{"name":"@vuelidate/validators","ecosystem":"npm","purl":"pkg:npm/%40vuelidate/validators"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.0-alpha.22"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 2.0.0-alpha.21","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-vvf2-ppj9-pp49/GHSA-vvf2-ppj9-pp49.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}