Regular Expression Denial of Service (ReDoS) in ms package for Node.js versions prior to 0.7.1

Regular Expression Denial of Service (ReDoS) in ms package for Node.js versions prior to 0.7.1

CVE-2015-8315 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Learn more about our Web Application Penetration Testing UK.