Regular Expression Denial Of Service

2017-04-14T18:44:23
ID NODEJS:100
Type nodejs
Reporter Peter Dotchev
Modified 2018-05-08T14:27:01

Description

Overview

Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse() method.

Recommendation

Update to v3.0.0 or later.

References

Issue #12