Description
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendation
Update the ms package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
References
Related Issues
- Axios is vulnerable to DoS attack through lack of data size check - CVE-2025-58754
- Parse Server's custom object ID allows to acquire role privileges - CVE-2024-47183
- XSS in jQuery as used in Drupal, Backdrop CMS, and other products - CVE-2019-11358
- Bootstrap Vulnerable to Cross-Site Scripting (GHSA-9v3m-8fp8-mj99) - CVE-2019-8331
- Tags:
- npm
- ms
Anything's wrong? Let us know Last updated on October 20, 2023