serve-favicon-2.3.2.tgz: 1 vulnerabilities (highest severity is: 0.0)

[dev-mend-for-github-com]

Vulnerable Library - serve-favicon-2.3.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serve-favicon/node_modules/ms/package.json

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (serve-favicon version)	Remediation Possible**	Reachability
WS-2017-0247	Low	0.0	ms-0.7.2.tgz	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2017-0247

Vulnerable Library - ms-0.7.2.tgz

Tiny milisecond conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serve-favicon/node_modules/ms/package.json

Dependency Hierarchy:

• serve-favicon-2.3.2.tgz (Root Library)
  • ❌ ms-0.7.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-04-12

URL: WS-2017-0247

CVSS 2 Score Details (0.0)

Base Score Metrics not available