A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

Affected Packages

npm ms

Affected versions: 0 (fixed in 2.0.0)

Related CVEs

CVE-2017-20162

Key Information

GHSA ID

GHSA-w9mr-4mfr-499f

Published

January 5, 2023 12:30 PM

Last Modified

January 11, 2023 11:00 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.