2 matches found
CVE-2015-8315
The Node.js ms module is vulnerable to a regular expression denial of service (ReDoS) when parsing extremely long version strings. This affects versions before 0.7.1 and can cause CPU exhaustion, potentially degrading availability. Multiple sources (NVD entry CVE-2015-8315 and OSS/NVD mirrors, np...
CVE-2017-20162
CVE-2017-20162 affects the Vercel ms package up to 1.x. The vulnerability lies in the parse function of index.js, where manipulating the string argument (str) enables a regular expression denial of service (ReDoS). The issue can be exploited remotely; a public exploit has been disclosed. Remediat...