Description
Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.7.1
- Patched version(s): 0.7.1
References
- GHSA-3fx5-fwvr-xrjg
- support.f5.com
- www.openwall.com
- web.archive.org
- nodesecurity.io
- www.securityfocus.com
- CVE-2015-8315
- CWE-1333
- CWE-400
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Regular Expression Denial of Service in marked - CVE-2015-8854
- Regular Expression Denial of Service in uglify-js - CVE-2015-8858
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- Regular Expression Denial of Service (ReDoS) in lodash - CVE-2020-28500
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on August 01, 2024