utility-common-v2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed from the public NPM registry rather than your private registry.

Note: This malicious package was uncovered by one of Snyk's automated algorithms, and was confirmed to contain malicious code by our Security Research Team. For more context, please visit our blogpost.

Affected versions of this package are vulnerable to Denial of Service (DoS) when using internationalized URLs, due to locale parameter being interpreted as regular expression.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.