Description
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Remediation
References
https://nodesecurity.io/advisories/526
Related Vulnerabilities
CVE-2018-3732 Vulnerability in npm package resolve-path
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-core
CVE-2019-5427 Vulnerability in maven package com.mchange:c3p0
CVE-2018-8811 Vulnerability in maven package org.opencms:opencms-core
CVE-2022-25860 Vulnerability in maven package org.webjars.npm:simple-git