GHSA-86p3-4gfq-38f2

Опубликовано: 05 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Denial of Service in url-relative

All versions of url-relative are vulnerable to Denial of Service. If the values to and from are equal, the function hangs and never returns. This may cause a Denial of Service.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Ссылки

https://github.com/junosuarez/url-relative/issues/3
https://snyk.io/vuln/SNYK-JS-URLRELATIVE-173691
https://www.npmjs.com/advisories/783

Пакеты

Наименование

url-relative

npm

Затронутые версииВерсия исправления

<= 1.0.0

Отсутствует

5.9 Medium

CVSS3

Дефекты

CWE-400

5.9 Medium

CVSS3

Дефекты

CWE-400