Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wY2YtNGdtaC0yM3c4
Regular Expression Denial of Service in forwarded
Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input.
Recommendation
Update to version 0.1.2 or later.
Permalink: https://github.com/advisories/GHSA-mpcf-4gmh-23w8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wY2YtNGdtaC0yM3c4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-mpcf-4gmh-23w8, CVE-2017-16118
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-16118
- https://github.com/advisories/GHSA-mpcf-4gmh-23w8
- https://www.npmjs.com/advisories/527
- http://www.securityfocus.com/bid/104427
Affected Packages
npm:forwarded
Dependent packages: 622
Dependent repositories: 4,075,117
Downloads: 131,089,714 last month
Affected Version Ranges: < 0.1.2
Fixed in: 0.1.2
All affected versions: 0.1.0, 0.1.1
All unaffected versions: 0.1.2, 0.2.0