All vulnerabilities

CVE-2020-7754

Regular expression denial of service in npm-user-validate

Description

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
7.5
Severity
High
Ecosystem
JavaScript
Publish Date
May 10, 2021
Modified Date
March 13, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions