VYPR

npm package

hosted-git-info

pkg:npm/hosted-git-info

Vulnerabilities (1)

  • CVE-2021-23362Mar 23, 2021
    affected < 2.8.9fixed 2.8.9

    The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.