GHSA-mpcf-4gmh-23w8

Source

https://github.com/advisories/GHSA-mpcf-4gmh-23w8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-mpcf-4gmh-23w8/GHSA-mpcf-4gmh-23w8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mpcf-4gmh-23w8

Aliases

CVE-2017-16118

Published

2018-07-24T20:16:30Z

Modified

2023-11-08T03:59:05.893181Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Regular Expression Denial of Service in forwarded

Details

Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input.

Recommendation

Update to version 0.1.2 or later

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:46:42Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH"
}

References

Affected packages

npm / forwarded

Package

Name: forwarded; View open source insights on deps.dev
Purl: pkg:npm/forwarded

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-mpcf-4gmh-23w8/GHSA-mpcf-4gmh-23w8.json"