@ibm-cloud/openapi-ruleset is vulnerable to Regular Expression Denial of Service (ReDoS)
53
Medium Risk
@ibm-cloud/openapi-ruleset validates OpenAPI documents against IBM Cloud API conventions using Spectral rules. The ibm-schema-casing-convention and ibm-parameter-casing-convention rules check schema names and header parameter names with regular expressions that use overlapping, ambiguous quantifiers. A crafted schema name or header parameter name triggers catastrophic backtracking, causing the validation process to exhaust CPU and hang. The fix rewrites both patterns so they match in linear time while keeping the same validation logic.
You are affected if you are using a version that falls within the vulnerable range and you run the validator against OpenAPI documents from untrusted sources.
@ibm-cloud/openapi-ruleset is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 1.14.1 - 1.33.10.
Upgrade the @ibm-cloud/openapi-ruleset library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant