Description
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Remediation
References
https://nodesecurity.io/advisories/46
http://www.openwall.com/lists/oss-security/2016/04/20/11
http://www.securityfocus.com/bid/96389
https://support.f5.com/csp/article/K46337613?utm_source=f5support&%3Butm_medium=RSS
Related Vulnerabilities
CVE-2022-45685 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2019-10744 Vulnerability in maven package org.fujion.webjars:lodash
CVE-2022-2932 Vulnerability in npm package mobiledoc-dom-renderer
CVE-2022-31044 Vulnerability in maven package org.rundeck:rundeck
CVE-2022-39243 Vulnerability in maven package com.zaxxer:nuprocess