21:37:25 (+) 1 vulnerabilities found
21:37:25 ┌───────────────┬─────────────────────────────────────────────────────────────────┐
21:37:25 │ │ Regular Expression Denial of Service │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Name │ mime │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ CVSS │ 7.5 (High) │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Installed │ 1.3.4 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Vulnerable │ < 1.4.1 || > 2.0.0 < 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Patched │ >= 1.4.1 < 2.0.0 || >= 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Path │ service-mobileapp-node@0.3.0 > express@4.15.5 > send@0.15.6 > … │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ More Info │ https://nodesecurity.io/advisories/535 │
21:37:25 └───────────────┴─────────────────────────────────────────────────────────────────┘
21:37:25
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Update express to 4.16.0 | mediawiki/services/mobileapps | master | +1 -1 |
Event Timeline
Comment Actions
Express release with a fix planned for today, see https://github.com/expressjs/express/issues/3431 and https://github.com/expressjs/express/pull/3423
Comment Actions
Change 381280 had a related patch set uploaded (by Mholloway; owner: Mholloway):
[mediawiki/services/mobileapps@master] Update express to 4.16.0
Comment Actions
Change 381280 merged by jenkins-bot:
[mediawiki/services/mobileapps@master] Update express to 4.16.0