Regular Expression Denial of Service
Published: September 26th, 2017
Reported by: Cristian-Alexandru Staicu
Fresh is a module used by the Express.js framework for 'HTTP response freshness testing'. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
If you are using this module via express, upgrade to Express version 4.15.5 or greater.
Upgrade to 0.5.2 or greater