Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
[
{
"product": "fresh node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "< 0.5.2"
}
]
}
]