Vulnerable Package issue exists @ Npm-ms-0.7.1 in branch master
The ms package 0.7.1 through 1.0.0 allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." This came after an incomplete fix for CVE-2015-8315, which limited the length of accepted input string to 10,000 characters.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 4cad0b9d-cbe1-4acd-bb82-244764df9dbd
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-400
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Pull request
Commit
Vulnerable Package issue exists @ Npm-ms-0.7.1 in branch master
The ms package 0.7.1 through 1.0.0 allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." This came after an incomplete fix for CVE-2015-8315, which limited the length of accepted input string to 10,000 characters.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 4cad0b9d-cbe1-4acd-bb82-244764df9dbd
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-400
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Pull request
Commit