Fix validator — CVE-2021-3765 HIGH
Fix CVE-2021-3765 (HIGH) in validator for npm. Paste your package.json into PackageFix and get a patched version — no CLI, no signup. Redos via crafted email address.
⚠ Vulnerability
CVE-2021-3765 (HIGH) — ReDoS via crafted email address in validator versions below 13.11.0.
Vulnerable Version — package.json
"validator": "13.7.0"
Fixed Version — package.json
"validator": "13.11.0"
✓ Fix
Update validator to 13.11.0 or later. Run npm install to apply. Verify with your ecosystem's audit tool after updating.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2021-3765 |
| Severity | HIGH |
| Package | validator (npm) |
| Vulnerable versions | Below 13.11.0 |
| Safe version | 13.11.0 |
| CISA KEV | — |
| Description | Redos via crafted email address |
Frequently Asked Questions
What is CVE-2021-3765?
CVE-2021-3765 is a HIGH severity vulnerability in validator (npm). It allows ReDoS via crafted email address. Update to version 13.11.0 or later to fix it.
How do I fix CVE-2021-3765 in validator?
Update validator to version 13.11.0 in your package.json. Run npm install after updating to apply the fix.
Is CVE-2021-3765 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2021-3765?
Paste your package.json into PackageFix. If your installed version of validator is below 13.11.0, you are affected. PackageFix shows the exact CVE ID and fix version.
What search queries does this page target?
This page covers: validator npm CVE, validator ReDoS, validator vulnerability.