Security Release for N|Solid Version 4.5.5 - NodeSource


Security Release for N|Solid Version 4.5.5

This is a security release for two vulnerabilities in the path-parse package. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. The vulnerabilities cause a denial of service when parsing crafted invalid paths. The ReDoS exhibits polynomial worst-case time complexity.

This release also includes a few bug fixes in N|Solid Console, Runtime and performance improvements, and N|Solid Fermium has been rebased to its latest version, 14.17.1. For more information, check N|Solid downloads.

Regular Expression Denial of Service (ReDoS) is a type of denial-of-service attack. Regular expressions are incredibly powerful, but they aren't very intuitive for developers, and they can end up making it easy for attackers to take your site down.

Remediation

Upgrade path-parse to version 1.0.7 or higher.

Upgrade to N|Solid Version 4.5.5. This vulnerability is no longer present within N|Solid dependencies. Note that this dependency is part of NCM, which is bundled in N|Solid.
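To confirm the first remediation step in an application's own dependency tree, the following added example (not NodeSource code) scans a parsed package-lock.json for any copy of path-parse older than 1.0.7, covering both the flat "packages" layout and the older nested "dependencies" layout. The sample lockfile is constructed for illustration, and every package name in it other than path-parse is made up.

```javascript
// Added example: audit a parsed package-lock.json for path-parse < 1.0.7.
const FIXED = [1, 0, 7]; // first fixed path-parse version, per the advisory

// Compare "x.y.z" against FIXED; pre-release/build suffixes are ignored.
// A missing or unparsable version counts as below the fix (fail closed).
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = Number.isFinite(parts[i]) ? parts[i] : 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false;
}

// Returns [{ location, version }] for every vulnerable copy of path-parse.
function findVulnerablePathParse(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [location, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/path-parse$/.test(location) && isBelowFixed(meta.version)) {
        hits.push({ location, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const location = `${prefix}node_modules/${name}`;
      if (name === 'path-parse' && isBelowFixed(meta.version)) {
        hits.push({ location, version: meta.version });
      }
      walk(meta.dependencies, `${location}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (package names other than path-parse are made up).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/path-parse': { version: '1.0.7' },
    'node_modules/example-resolver/node_modules/path-parse': { version: '1.0.6' },
  },
};
console.log(findVulnerablePathParse(sampleLock));
```

Nested copies matter because a transitive dependency can pin its own older path-parse even when the top-level copy is already at 1.0.7.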

Additional References

For details about this security release and the corresponding vulnerabilities, please click here.
