Eslint-plugin-import: Regular Expression Denial of Service (ReDoS)

Created on 9 Jun 2017 · 2 Comments · Source: benmosher/eslint-plugin-import

I updated to v2.3.0 and now snyk.io returns what the issue title says.
Also this:

Vulnerable module: ms
Introduced through: [email protected] › [email protected] › [email protected] › [email protected]

More info on this vulnerability: https://snyk.io/vuln/npm:ms:20170412

Is there a quick way to fix this?

All 2 comments

Just because there's a vulnerability does not mean it necessarily affects you. In this case only your own eslint configuration can provide a regular expression, so the risk does not exist.

That said, it'd be ideal to update the dep chain.

fixed in v2.5.0 or so
