Affected versions of path-parse
are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Upgrade to version 1.0.7 or later
CPE | Name | Operator | Version |
---|---|---|---|
path-parse | lt | 1.0.7 |