High severity7.5NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026
CVE-2015-8315
CVE-2015-8315
Description
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
msnpm | < 0.7.1 | 0.7.1 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- nodesecurity.io/advisories/46nvdBroken LinkExploitMitigationVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/04/20/11nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/96389nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-3fx5-fwvr-xrjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8315ghsaADVISORY
- support.f5.com/csp/article/K46337613nvdThird Party AdvisoryWEB
- support.f5.com/csp/article/K46337613ghsaWEB
- web.archive.org/web/20200227190911/http://www.securityfocus.com/bid/96389ghsaWEB
News mentions
0No linked articles in our index yet.