WS-2017-0247 Low Severity Vulnerability detected by WhiteSource
mend-bolt-for-github opened this issue · comments
WS-2017-0247 - Low Severity Vulnerability
Vulnerable Library - ms-0.7.1.tgz
Tiny ms conversion utility
path: /tmp/git/configuration-manager/node_modules/ms/package.json
Library home page: http://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Dependency Hierarchy:
- mocha-2.5.3.tgz (Root Library)
- debug-2.2.0.tgz
- ❌ ms-0.7.1.tgz (Vulnerable Library)
- debug-2.2.0.tgz
Vulnerability Details
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-05-15
URL: WS-2017-0247
Suggested Fix
Type: Change files
Origin: vercel/ms@305f2dd
Release Date: 2017-04-12
Fix Resolution: Replace or update the following file: index.js
Step up your Open Source Security Game with WhiteSource here