A flaw was discovered in is-my-json-valid before 1.4.1 and 2.17.2. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (/^\S+@\S+$/) in order to validate emails. This can cause an impact of about 10 seconds matching time for data 90K characters long.
Created nodejs-is-my-json-valid tracking bugs for this issue:
Affects: fedora-all [bug 1546358]
NodeJS is shipped in OpenShift Enterprise 3.9 as ImageStreams. Those ImageStreams are the RH Software Collection images. Setting OpenShift Enterprise 3 as not affected.
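For applications that cannot upgrade immediately, the email check quoted in the flaw description can be replaced by a scan that does the same test in a single pass, with a length cap in front of it. This is an added example, not the package's code or its upstream fix; the names linearEmailShape, isEmailLike, disagreements and the 254-character cap are assumptions.

```javascript
// Pattern quoted in the flaw description. It is run here only on the short
// constructed samples below, to confirm the replacement accepts the same strings.
const ORIGINAL = /^\S+@\S+$/;

// Assumed cap for this example; pick the limit your application needs.
const MAX_EMAIL_LENGTH = 254;

// Same accept/reject decision as ORIGINAL, without backtracking:
// the string holds no whitespace and has an '@' with at least one
// character on each side of it.
function linearEmailShape(value) {
  if (typeof value !== 'string' || value.length < 3) return false;
  if (/\s/.test(value)) return false;      // single character class, one pass
  const at = value.indexOf('@', 1);        // first '@' that has a character before it
  return at !== -1 && at <= value.length - 2;
}

// Hardened check: reject oversized input before doing any matching at all.
function isEmailLike(value, maxLength = MAX_EMAIL_LENGTH) {
  if (typeof value !== 'string' || value.length > maxLength) return false;
  return linearEmailShape(value);
}

// Constructed samples covering the edge cases of the original pattern.
const SAMPLES = [
  'user@example.com', 'a@b', 'a@@b', '@@@',   // accepted by ORIGINAL
  '', 'abc', '@b', 'a@', '@@', 'a b@c', 'a@b c', 'a@b\n', ' a@b', // rejected
];

// Differential check: returns every sample on which the two checks differ.
function disagreements(samples) {
  return samples.filter((s) => ORIGINAL.test(s) !== linearEmailShape(s));
}

console.log('disagreements:', disagreements(SAMPLES)); // prints: disagreements: []
```

The length cap alone bounds the cost of any per-string check, so it is worth keeping even after moving to a fixed version of the package.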