VYPR

npm package

ms

pkg:npm/ms

Vulnerabilities (2)

  • CVE-2017-20162Jan 5, 2023
    affected < 2.0.0fixed 2.0.0

    A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely.

  • CVE-2015-8315HigJan 23, 2017
    affected < 0.7.1fixed 0.7.1

    The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."