GHSA-9qj9-36jm-prpv

Source

https://github.com/advisories/GHSA-9qj9-36jm-prpv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-9qj9-36jm-prpv/GHSA-9qj9-36jm-prpv.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9qj9-36jm-prpv

Aliases

CVE-2017-16119

Published

2018-07-24T20:16:57Z

Modified

2023-11-01T04:47:52.435168Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Regular Expression Denial of Service in fresh

Details

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input.

Recommendation

Update to version 0.5.2 or later.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:29:26Z"
}

References

Affected packages

npm / fresh

Package

Name: fresh; View open source insights on deps.dev
Purl: pkg:npm/fresh

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.2