VYPR
High severity7.5NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026

CVE-2017-16115

CVE-2017-16115

Description

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
timespannpm
<= 2.3.0

Affected products

2
  • ghsa-coords
    Range: <= 2.3.0
  • HackerOne/timespan node modulev5
    Range: All versions

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.