Description
Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.7.1
- Patched version(s): 0.7.1
References
- GHSA-3fx5-fwvr-xrjg
- support.f5.com
- www.openwall.com
- web.archive.org
- nodesecurity.io
- www.securityfocus.com
- CVE-2015-8315
- CWE-1333
- CWE-400
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Directory Traversal in node-simple-router - CVE-2017-16083
- csvjson vulnerable to prototype injection - CVE-2025-57318
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- devalue prototype pollution vulnerability - CVE-2025-57820
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on August 01, 2024