🚨 PSA: Zod is currently vulnerable across ALL VERSIONS to a Regular Expression Denial of Service: security.snyk.io/vuln/SNYK-JS-Z… A pull request is waiting to be merged for a new npm package release to get published, but until then I advise monitoring closely
Update: a fix release was published. Please upgrade ASAP x.com/colinhacks/sta… Thank you Colin ❤️
@liran_tal @matteocollina Less dependency, more security. (usually)
@liran_tal I would so wish that being susceptible to DoS would not be conflated with vulnerabilities that enable unauthorized access. Worst case scenario in a DoS: Your service becomes unavailable. Worst case in the other scenario: Extremely bad in regards to data integrity, leaks etc.