Description
Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.7.1
- Patched version(s): 0.7.1
References
- GHSA-3fx5-fwvr-xrjg
- support.f5.com
- www.openwall.com
- web.archive.org
- nodesecurity.io
- www.securityfocus.com
- CVE-2015-8315
- CWE-1333
- CWE-400
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Regular Expression Denial of Service in uglify-js - CVE-2015-8858
- Regular Expression Denial of Service in marked - CVE-2015-8854
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
- Regular Expression Denial of Service in debug - CVE-2017-16137
You might also like:
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on August 01, 2024


