7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7754

GHSA ID

GHSA-pw54-mh39-w3hc

EPSS Score

0.81063%

CWE

CWE-400

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7754

CVE-2020-7754:
Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7754

GHSA ID

GHSA-pw54-mh39-w3hc

EPSS Score

0.81063%

CWE

CWE-400

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
npm-user-validate	npm	< 1.0.1	1.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T*is *****ts t** p**k*** npm-us*r-v*li**t* ***or* *.*.*. T** r***x t**t v*li**t*s us*r *m*ils took *xpon*nti*lly lon**r to pro**ss lon* input strin*s ***innin* wit* @ ***r**t*rs.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-7754: Regular expression denial of service in npm-user-validate

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-7754:
Regular expression denial of service in npm-user-validate

Vulnerability Intelligence
Miggo AI