lhartikk / naivechain

A blockchain implementation in 200 lines of code
Apache License 2.0
5.28k stars 1.15k forks

Regular Expression Denial of Service (ReDoS) #2 (issue #43)

Open larrycameron80 opened 5 years ago

larrycameron80 commented 5 years ago

Regular Expression Denial of Service (ReDoS)

Vulnerable module: mime
Introduced through: express@4.11.2

Detailed paths

Introduced through: naivechain@lhartikk/naivechain#dfd2481e7158f72e54fba4ce0bd2f48d0a44945e › express@4.11.2 › send@0.11.1 › mime@1.2.11
Remediation: Upgrade to express@4.16.0.

Introduced through: naivechain@lhartikk/naivechain#dfd2481e7158f72e54fba4ce0bd2f48d0a44945e › express@4.11.2 › serve-static@1.8.1 › send@0.11.1 › mime@1.2.11
Remediation: Upgrade to express@4.16.0.

Overview

mime is a comprehensive, compact MIME type module.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It uses the following regex in its lookup, /.*[\.\/\\]/, which can cause a slowdown of 2 seconds for 50k characters.
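The following script is an added example, not code from the naivechain repository, the mime module or the issue reporter. It reproduces the cost of the extension-lookup pattern quoted in the report on a constructed worst-case input (a long string with no ".", "/" or "\" delimiter) and shows a linear-time replacement that returns the same extension, so a maintainer can confirm locally that an upgrade or patch removes the slowdown. The function names, the `worstCase` input and the sizes timed are assumptions made for the example.

```javascript
// Added example (not part of naivechain or mime): measure the super-linear
// behaviour of the extension-lookup regex from the ReDoS report and compare it
// with a linear scan that yields the same result on ordinary paths.

// The pattern quoted in the report. Because `.*` is greedy and the regex is
// unanchored, the engine walks to the end of the input, backtracks looking for
// a delimiter, and then retries from every later start position: O(n^2) when
// the input contains no '.', '/' or '\'.
const VULNERABLE_EXT_RE = /.*[\.\/\\]/;

// Extension lookup in the style of the affected mime versions (assumed shape).
function extWithRegex(path) {
  return path.replace(VULNERABLE_EXT_RE, '').toLowerCase();
}

// Linear-time equivalent: scan backwards for the last delimiter and return
// whatever follows it. Agrees with the regex version on paths without newline
// characters (the regex `.` never crosses a newline, this scan does).
function extLinear(path) {
  for (let i = path.length - 1; i >= 0; i--) {
    const c = path[i];
    if (c === '.' || c === '/' || c === '\\') {
      return path.slice(i + 1).toLowerCase();
    }
  }
  return path.toLowerCase();
}

// Constructed worst-case input: n non-delimiter characters, no '.', '/' or '\'.
function worstCase(n) {
  return 'a'.repeat(n);
}

// Wall-clock time of one call in milliseconds.
function timeMs(fn, input) {
  const start = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Run both implementations on the worst case of size n and return the timings
// plus a check that they produced the same answer.
function compare(n) {
  const input = worstCase(n);
  return {
    chars: n,
    regexMs: timeMs(extWithRegex, input),
    linearMs: timeMs(extLinear, input),
    sameResult: extWithRegex(input) === extLinear(input),
  };
}

// Modest sizes so the demo finishes quickly; the regex cost grows
// quadratically, which is what the 50k-character figure in the report reflects.
for (const n of [1000, 5000, 10000]) {
  const r = compare(n);
  console.log(
    `${r.chars} chars: regex ${r.regexMs.toFixed(1)} ms, ` +
    `linear ${r.linearMs.toFixed(2)} ms, same result: ${r.sameResult}`
  );
}
```

Run it with `node` and raise the sizes to see the regex timing grow roughly fourfold per doubling of the input while the linear scan stays flat; the same timing harness can be pointed at the installed `mime` package's `lookup` to verify that the version pulled in after upgrading express no longer shows the growth.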