Narcoleptic's Patch Mangler
    Severity: high

    Regular Expression Denial of Service

    fresh

    Overview

    Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input.

    Remediation

    Update to version 0.5.2 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory published
      Sep 26th, 2017
    2. reported

      Initial report by Cristian-Alexandru Staicu
      Sep 8th, 2017