GHSA-wrvr-8mpx-r7pp

Source

https://github.com/advisories/GHSA-wrvr-8mpx-r7pp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-wrvr-8mpx-r7pp/GHSA-wrvr-8mpx-r7pp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wrvr-8mpx-r7pp

Aliases

CVE-2017-16138

Published

2018-07-20T16:20:52Z

Modified

2023-11-08T03:59:07.102650Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Details

Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Recommendation

Update to version 2.0.3 or later.

Database specific

{
    "github_reviewed_at": "2020-06-16T22:01:10Z",
    "severity": "HIGH",
    "nvd_published_at": null,
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ]
}

References

Affected packages

npm / mime

Package

Name: mime; View open source insights on deps.dev
Purl: pkg:npm/mime

Affected ranges

Type: SEMVER
Events: Introduced

2.0.0

Fixed

2.0.3

npm / mime

Package

Name: mime; View open source insights on deps.dev
Purl: pkg:npm/mime

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1