Zod jsVideoUrlParser util.js getTime redos_CVE-2026-5986

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-5986

Source VulDB

Published Apr 9, 2026 at 22:30

Affected Product

Vendor Zod

Product jsVideoUrlParser

Version 0.5.0

Affected Versions Zod jsVideoUrlParser 0.5.0
Zod jsVideoUrlParser 0.5.1

CWE Classification

CWE-1333 CWE-400

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-09T22:30:14.639Z",
    "modified": "2026-04-09T22:30:14.639Z",
    "type": "cve",
    "title": "Zod jsVideoUrlParser util.js getTime redos",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356540\nhttps://vuldb.com/vuln/356540/cti\nhttps://vuldb.com/submit/791911\nhttps://github.com/Zod-/jsVideoUrlParser/issues/121\nhttps://github.com/Zod-/jsVideoUrlParser/issues/121#issue-4159661957",
    "id": "CVE-2026-5986",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1333",
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "Zod jsVideoUrlParser 0.5.0\nZod jsVideoUrlParser 0.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jsVideoUrlParser",
    "version": "0.5.0",
    "vendor": "Zod",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}