Vercel ms 0.2.0 for Node.js

CPE Details

Vercel ms 0.2.0 for Node.js
vercel
ms
0.2.0
2023-01-10
14h08 +00:00
2023-01-10
18h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vercel:ms:0.2.0:*:*:*:*:node.js:*:*

Informations

Vendor

vercel

Product

ms

Version

0.2.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-20162 2023-01-05 11h49 +00:00 A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.
5.3
Medium
CVE-2015-8315 2017-01-23 20h00 +00:00 The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
7.5
High