Security Release for N|Solid Version 4.5.1 - NodeSource


This is a security release and includes fixes for Regular Expression Denial of Service (ReDoS).

Regular Expression Denial of Service (ReDoS) is a type of denial-of-service attack. Regular expressions are incredibly powerful, but they aren't very intuitive for developers, which can ultimately make it easy for attackers to take your site down.

This version also includes a fix for the relay mode that corrects the communication of metrics with the latest changes implemented for Worker Threads.

Vulnerability

glob-parent is a package that helps extract the non-magic parent path from a glob string.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerable pattern is the enclosure regex, which is used to check for strings ending in an enclosure containing a path separator.

Remediation

Upgrade glob-parent to version 5.1.2 or higher.

Upgrade to N|Solid Version 4.5.1. This vulnerability is no longer present within N|Solid dependencies. Note that this dependency is part of NCM, which is bundled in N|Solid.
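
One way to check your own project for the affected dependency, as an added example rather than NodeSource's or N|Solid's own tooling: it walks a parsed package-lock.json and reports every installed copy of glob-parent below 5.1.2. The function names and the sample lockfile are constructed for illustration.

```javascript
const FIXED = [5, 1, 2]; // glob-parent release that fixes the ReDoS, per the advisory

// Parse "major.minor.patch" (ignoring prerelease/build tags) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is strictly lower than the fixed release.
function isVulnerable(version) {
  const parsed = parseVersion(version);
  if (!parsed) return false; // git/file/unparseable specs need manual review
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== FIXED[i]) return parsed[i] < FIXED[i];
  }
  return false;
}

// Walk a parsed package-lock.json and return every vulnerable glob-parent copy.
function findVulnerableGlobParent(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/glob-parent$/.test(path) && isVulnerable(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(' > ');
      if (name === 'glob-parent' && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, trail.concat(name));
    }
  })(lock.packages ? null : lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from N|Solid or any real project).
const sampleLock = {
  packages: {
    'node_modules/glob-parent': { version: '5.1.2' },
    'node_modules/chokidar/node_modules/glob-parent': { version: '3.1.0' },
    'node_modules/fast-glob/node_modules/glob-parent': { version: '5.1.1' },
  },
};
console.log(findVulnerableGlobParent(sampleLock));
```

To scan a real project, pass the result of `JSON.parse` on its package-lock.json instead of `sampleLock`; transitive copies nested under other packages are the ones most often missed.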

Additional References

For details about this security release and the corresponding vulnerabilities, please refer to the link below:
Regular Expression Denial of Service (ReDoS)
