Description
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
References
Related Issues
- debug Inefficient Regular Expression Complexity vulnerability - CVE-2017-20165
- steal Inefficient Regular Expression Complexity vulnerability via string variable - CVE-2022-37259
- string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on November 04, 2025