VDB
KO
HIGH 7.5

GHSA-39q4-p535-c852

Uncontrolled Resource Consumption in locutus

Details

The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / locutus
Introduced in: 0 Fixed in: 2.0.15
Fix npm install locutus@2.0.15

References