Description
Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.7.1
- Patched version(s): 0.7.1
References
- GHSA-3fx5-fwvr-xrjg
- support.f5.com
- www.openwall.com
- web.archive.org
- nodesecurity.io
- www.securityfocus.com
- CVE-2015-8315
- CWE-1333
- CWE-400
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
- rollbar vulnerable to prototype pollution - CVE-2025-57325
- csvjson vulnerable to prototype injection - CVE-2025-57318
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on August 01, 2024