GMS-2019-64: Denial of Service in url-relative

June 5, 2019 (updated August 4, 2021)

All versions of url-relative are vulnerable to Denial of Service. If the values to and from are equal, the function hangs and never returns. This may cause a Denial of Service. No fix is currently available. Consider using an alternative module until a fix is made available.

References

github.com/advisories/GHSA-86p3-4gfq-38f2
github.com/junosuarez/url-relative/issues/3
snyk.io/vuln/SNYK-JS-URLRELATIVE-173691
www.npmjs.com/advisories/783

Detect and mitigate GMS-2019-64 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →