CNNVD-202511-2967 Information

CNNVD ID

CNNVD-202511-2967

Related CVE

CVE-2025-12758

• CNNVD Published: 2025-11-27

Description (Chinese)

Validator.js是validatorjs开源的一个字符串验证器 Validator.js 13.15.22之前版本存在安全漏洞，该漏洞源于isLength函数未考虑Unicode变体选择器，可能导致字符串长度计算不当。

Description (English)

Validator.js is a string certifier for the open source of Validatorjs The previous version of Validator.js 13.15.22 had a security loophole, which stemmed from the fact that the IsLength function did not consider the Unicode Variant Selector, which could lead to an incorrect calculation of the string length.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

validatorjs

Published

2025-11-27

Last Modified

2026-02-24

References

https://gist.github.com/koral–/ad31208b25b9e3d1e2e35f1d4d72572e https://github.com/validatorjs/validator.js/pull/2616 https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476

Patch

https://github.com/validatorjs/validator.js/releases