find-my-way has a ReDoS vulnerability in multiparametric routes
A bad regular expression is generated whenever a route has two parameters within a single segment and a - is added at the end, as in /:a-:b-.
This affects the package find-my-way, from It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.
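To find routes of the shape described above (two or more parameters in one segment, with a - at the end), a route table can be audited statically. This is an added example, not code from find-my-way or the advisory; the function names, the simplified parameter syntax and the sample routes are assumptions constructed for illustration.

```javascript
// Added example: static audit of route paths for the shape named in the advisory.
// Assumption (simplified syntax): a parameter is ":name", optionally followed by
// a parenthesised regex without nested parentheses or "/" inside it.
const PARAM = /:([A-Za-z0-9_]+)(\([^)]*\))?/g;

// Inspect one path segment: collect its parameter names and the literal text
// that follows the last parameter.
function auditSegment(segment) {
  const params = [];
  let lastEnd = 0;
  for (const m of segment.matchAll(PARAM)) {
    params.push(m[1]);
    lastEnd = m.index + m[0].length;
  }
  const tail = segment.slice(lastEnd);
  // Advisory shape: two or more parameters in one segment, ending in "-".
  const risky = params.length >= 2 && tail.endsWith('-');
  return { params, tail, risky };
}

// Return one finding per risky segment across all routes.
function auditRoutes(routes) {
  const findings = [];
  for (const route of routes) {
    for (const segment of route.split('/')) {
      const result = auditSegment(segment);
      if (result.risky) {
        findings.push({ route, segment, params: result.params });
      }
    }
  }
  return findings;
}

// Constructed sample route table (not taken from any real application).
const sampleRoutes = [
  '/users/:id',                     // single parameter
  '/near/:lat-:lng/radius/:r',      // two parameters, no trailing "-"
  '/:a-:b-',                        // the shape named in the advisory
  '/files/:name.:ext',              // two parameters, "." separator
  '/reports/:year-:month-/summary', // same shape in a middle segment
  '/tags/:tag-',                    // trailing "-" but only one parameter
];

for (const f of auditRoutes(sampleRoutes)) {
  console.log(`review: ${f.route} (segment "${f.segment}", params ${f.params.join(', ')})`);
}
```

Flagged routes are candidates for review or rewriting, and for checking against a fixed release of the package.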