ms-0.7.3.tgz: 1 vulnerabilities (highest severity is: 3.4) - autoclosed

[uriel-mend-app[bot]]

Vulnerable Library - ms-0.7.3.tgz

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ms/package.json

Found in HEAD commit: 94f729510068f5d8203d19d5a1c9c50f8f631e8d

Mend has checked all newer package trees, and you are on the least vulnerable package!

Please note: There might be a version that explicitly solves one or more of the vulnerabilities listed below, but we do not recommend it. For more info about the optional fixes, check the section “Details” below.

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (ms version)	Fix PR available
WS-2017-0247	Low	3.4	ms-0.7.3.tgz	Direct	N/A	❌

Details

WS-2017-0247

### Vulnerable Library - ms-0.7.3.tgz

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ms/package.json

Dependency Hierarchy: - :x: **ms-0.7.3.tgz** (Vulnerable Library)

Found in HEAD commit: 94f729510068f5d8203d19d5a1c9c50f8f631e8d

Found in base branch: main

### Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-04-12

URL: WS-2017-0247

### CVSS 2 Score Details (3.4)

Base Score Metrics not available

### Suggested Fix

Type: Upgrade version

Release Date: 2017-04-12

Fix Resolution: 2.1.1

In order to enable automatic remediation, please create workflow rules

[uriel-mend-app[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.