serve-favicon-2.3.2.tgz: 1 vulnerabilities (highest severity is: 3.4) - autoclosed

[dev-mend-for-github-com]

Vulnerable Library - serve-favicon-2.3.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serve-favicon/node_modules/ms/package.json

Found in HEAD commit: bd89aae073b703c071f5a96dfaacade67e098e0d

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in	Remediation Available
WS-2017-0247	Low	3.4	ms-0.7.2.tgz	Transitive	2.4.3	✅

Details

WS-2017-0247

Vulnerable Library - ms-0.7.2.tgz

Tiny milisecond conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serve-favicon/node_modules/ms/package.json

Dependency Hierarchy:

• serve-favicon-2.3.2.tgz (Root Library)
  • ❌ ms-0.7.2.tgz (Vulnerable Library)

Found in HEAD commit: bd89aae073b703c071f5a96dfaacade67e098e0d

Found in base branch: main

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-04-12

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: vercel/ms#89

Release Date: 2017-04-12

Fix Resolution (ms): 2.0.0

Direct dependency fix Resolution (serve-favicon): 2.4.3

⛑️ Automatic Remediation is available for this issue

---

⛑️ Automatic Remediation is available for this issue.

[dev-mend-for-github-com]

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.