Red Hat Bugzilla – Bug 1299498
CVE-2016-2537 nodejs-is-my-json-valid: Regular expression DoS using utc-millisec format
Last modified: 2017-02-18 09:28:44 EST
A regular expression denial of service vulnerability was found in is-my-json-valid. It is possible to block the event loop when specially crafted user input is allowed into a validator using the utc-millisec format.
Created nodejs-is-my-json-valid tracking bugs for this issue:
Affects: fedora-all [bug 1299499]
nodejs-is-my-json-valid-2.12.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
nodejs-is-my-json-valid-2.12.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This is fixed in all Fedora releases