Description
Vulnerable Library - serve-favicon-2.3.2.tgz
Path to dependency file: /tmp/ws-scm/CompleteFoundVulnerabilitiesMarkdown/package.json
Path to vulnerable library: /tmp/ws-scm/CompleteFoundVulnerabilitiesMarkdown/node_modules/serve-favicon/node_modules/ms/package.json
Found in HEAD commit: ea45f842e78d8b5837a0f464b36f83ff6f940263
Vulnerabilities
| CVE | Severity | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|
| WS-2017-0247 | 3.4 | ms-0.7.2.tgz | Transitive | 2.4.3 | ✅ |
Details
WS-2017-0247
Vulnerable Library - ms-0.7.2.tgz
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /tmp/ws-scm/CompleteFoundVulnerabilitiesMarkdown/package.json
Path to vulnerable library: /tmp/ws-scm/CompleteFoundVulnerabilitiesMarkdown/node_modules/serve-favicon/node_modules/ms/package.json
Dependency Hierarchy:
- serve-favicon-2.3.2.tgz (Root Library)
- ❌ ms-0.7.2.tgz (Vulnerable Library)
Found in HEAD commit: ea45f842e78d8b5837a0f464b36f83ff6f940263
Found in base branch: main
Vulnerability Details
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-04-12
URL: WS-2017-0247
CVSS 2 Score Details (3.4)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: vercel/ms#89
Release Date: 2017-04-12
Fix Resolution (ms): 2.0.0
Direct dependency fix Resolution (serve-favicon): 2.4.3
⛑️ Automatic Remediation is available for this issue