find-my-way@1.6.0 vulnerabilities

Crazy fast http radix based router

Direct Vulnerabilities

Known vulnerabilities in the find-my-way package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including two parameters ending with - in a single segment, which causes inefficient backtracking when parsing the string into a regular expression. The resulting poor performance can lead to denial of service.

Note:

This vulnerability is similar to the path-to-regexp ReDoS Vulnerability

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade find-my-way to version 8.2.2, 9.0.1 or higher.

<8.2.2 >=9.0.0 <9.0.1
  • M
Web Cache Poisoning

Affected versions of this package are vulnerable to Web Cache Poisoning. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

How to fix Web Cache Poisoning?

Upgrade find-my-way to version 2.2.5, 3.0.5 or higher.

<2.2.5 >=3.0.0 <3.0.5