WS-2017-0247 (Low) detected in ms-0.7.2.tgz, ms-0.7.1.tgz #9
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2017-0247 - Low Severity Vulnerability
ms-0.7.2.tgz
Tiny milisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: vulnerable-node/package.json
Path to vulnerable library: vulnerable-node/node_modules/serve-favicon/node_modules/ms/package.json
Dependency Hierarchy:
ms-0.7.1.tgz
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Path to dependency file: vulnerable-node/package.json
Path to vulnerable library: vulnerable-node/node_modules/ms/package.json
Dependency Hierarchy:
Found in HEAD commit: c2710dc26e7af51487170b269cd7bb94d4edb4df
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-04-12
URL: WS-2017-0247
Base Score Metrics not available
Type: Upgrade version
Origin: vercel/ms#89
Release Date: 2017-04-12
Fix Resolution: 2.1.1
The text was updated successfully, but these errors were encountered: