GitHub issue #14 explicitly references the vulnerable regex patterns at lines 28-29 of parse-uri's index.js, which are used by the parseUri function. The PoC demonstrates ReDoS through this function. For the parseuri package (< 2.0.0), the advisory links it to the same CVE but gives no direct code references; the medium confidence rests on package similarity and the shared vulnerability description. Both CWEs (CWE-185 and CWE-1333) indicate regex implementation flaws as the root cause.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| parse-uri | npm | <= 1.0.9 | |
| parseuri | npm | < 2.0.0 | |