This repository has been archived by the owner on Feb 12, 2021. It is now read-only.
Vulnerability - Regular Expression Denial of Service #205
Comments
|
The 'mime' version in package.json needs to be updated in s3 package , it seems currently the mime version is held at 1.2.x ( i.e. "mime": "~1.2.11"), we need >= 1.4.1 < 2.0.0 || >= 2.0.3 to get patch; |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Reference: https://nodesecurity.io/advisories/535
The text was updated successfully, but these errors were encountered: