CVE-2015-8315 - The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumpti

CVE-2015-8315

Summary

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

References

Vulnerable Configurations

cpe:2.3:a:vercel:ms:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.3.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.3.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.5.1:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.5.1:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.1:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.1:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.2:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.6.2:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.7.0:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:ms:0.7.0:*:*:*:*:node.js:*:*

CVSS

Base:	7.8 (as of 01-08-2024 - 13:41)
Impact:
Exploitability:

CWE

CWE-1333

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	96389
confirm	https://nodesecurity.io/advisories/46 https://support.f5.com/csp/article/K46337613?utm_source=f5support&utm_medium=RSS
mlist	[oss-security] 20160420 various vulnerabilities in Node.js packages

Last major update

01-08-2024 - 13:41

Published

23-01-2017 - 21:59

Last modified

01-08-2024 - 13:41