Skungee/Website

WS-2017-0247 (Low) detected in ms-0.7.1.tgz

Opened this issue · 0 comments

mend-bolt-for-github commented

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Library - ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/ms/package.json

Dependency Hierarchy:

  • connect-3.4.1.tgz (Root Library)
    • debug-2.2.0.tgz
      • ms-0.7.1.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: vercel/ms@305f2dd

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here