npm

Severity: high

Regular Expression Denial Of Service

uri-js

Overview

Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse() method.

Remediation

Update to v3.0.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 14th, 2017
  2. reported

    Initial report by Peter Dotchev
    Apr 15th, 2016