uri-js@2.0.0

Vulnerabilities

1 via 1 paths

Dependencies

Source

npm


high severity

Regular Expression Denial of Service (ReDoS)

  • Vulnerable module: uri-js
  • Introduced through: uri-js@2.0.0

Detailed paths

  • Introduced through: uri-js@2.0.0
    Remediation: Upgrade to uri-js@3.0.0.

Overview

uri-js is an RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when validating URLs.

Remediation

Upgrade uri-js to version 3.0.0 or higher.
