[FD] CVE-2025-12758: Unicode Variation Selectors Bypass in 'validator' library (isLength)

[MrBonkers]

Interesting CVE that's relevant for our unicode sanitizer(s) as well: it's not a buffer overflow technically, but functionally it certainly is: when cleaned data is stored/copied to database columns, this can affect data loss.

🤔 Same goes for other zero-width chars, in a way, but these two are special indeed.

[GerHobbelt]

https://seclists.org/fulldisclosure/2026/Jan/27