Denial of Service in foreman

Description

All versions of foreman are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path.

Recommendation

Update the foreman package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.0.1
• Patched version(s): 3.0.1

References

• GHSA-xm28-fw2x-fqv2
• hackerone.com
• www.npmjs.com
• snyk.io
• CWE-400

Related Issues

• Regular Expression Denial of Service in millisecond - Vulnerability
• Denial of Service in serialize-to-js - Vulnerability
• Denial of Service in rgb2hex - Vulnerability
• Regular Expression Denial of Service in clean-css - Vulnerability

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

foreman