millisecond@0.0.1 vulnerabilities

Convert time strings to milliseconds

Direct Vulnerabilities

Known vulnerabilities in the millisecond package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

Regular expression Denial of Service (ReDoS) vulnerability exists in milliseconds module, affecting version 0.1.1 and below.

milliseconds, the milliseconds conversion utility is used to convert times to milliseconds. The regular expression used by the function to parse the time is vulnerable to denial of service attack, where extremely long strings that are passed to milliseconds() can take long time to process and as a result block the event loop for that period.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade to version 0.1.2.