The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a regular expression denial of service (ReDoS).
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ms | Vercel | * | 0.7.1 (excluding) |