3 matches found
K46337613: NodeJS vulnerability CVE-2015-8315
Security Advisory Description The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS. CVE-2015-8315 Impact There is no impact; F5 products are not affected by this...
192.168.0.172 (=4.6.1), 352-wascally (>=0.2.4 <=0.2.5) +5443 more potentially affected by CVE-2015-8315 via ms (>=0.1.0 <=0.7.0)
ms NPM version =0.1.0, =0.2.4, =1.0.0, =0.2.0, =0.0.1, =0.0.8, =1.8.0, =0.1.0, =1.0.0, =0.9.0, =1.4.0, =1.0.1, =3.1.2 - @asbjornenge/microbe =1.0.1 - @auser/metalsmith-watch =1.0.4 and more Source cves: CVE-2015-8315 Source advisory: OSV:GHSA-3FX5-FWVR-XRJG...
CVE-2015-8315
The Node.js ms module is vulnerable to a regular expression denial of service (ReDoS) when parsing extremely long version strings. This affects versions before 0.7.1 and can cause CPU exhaustion, potentially degrading availability. Multiple sources (NVD entry CVE-2015-8315 and OSS/NVD mirrors, np...