Zod 3.22.2 - Regular expression Denial of Service
CVE-2023-4316

7.5 HIGH

Key Information:

Vendor: Zod

Status
Vendor
CVE Published: 28 September 2023

What is CVE-2023-4316?

Zod versions 3.21.0 to 3.22.3 contain a regular expression denial of service (ReDoS) vulnerability in email validation. An attacker can trigger it in scenarios where the library is used to validate user input, and the application's responsiveness can be severely compromised as a result. Developers using an affected version need to address this vulnerability.

Affected Version(s)

Zod 3.21.0 <= 3.22.3
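
To check a project against the range above, the following added example (not code from Zod or from this advisory) walks an npm lockfile and reports every installed copy of zod, direct or transitive, whose version falls inside it. It assumes the "packages" map of lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag zod installs inside the range this page lists as affected.
// The range bounds come from the page; the lockfile below is constructed sample data.
const AFFECTED = { min: [3, 21, 0], max: [3, 22, 3] }; // inclusive, as listed above

// Parse "MAJOR.MINOR.PATCH"; pre-release/build suffixes are ignored, so
// "3.22.0-beta.1" is treated as 3.22.0 (conservative for an exposure check).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED.min) >= 0 && compare(v, AFFECTED.max) <= 0;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// return every zod copy, including nested transitive ones, in the range.
function findAffectedZod(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const isZod = path === "node_modules/zod" || path.endsWith("/node_modules/zod");
    if (isZod && isAffected(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/zod": { version: "3.20.6" },
    "node_modules/form-lib/node_modules/zod": { version: "3.22.2" },
    "node_modules/zod-to-json-schema": { version: "3.21.4" },
  },
};

console.log(findAffectedZod(sampleLock));
```

In a real project, pass the parsed contents of package-lock.json to findAffectedZod instead of the sample object.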

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
