PT-2018-6142 · Timespan · Timespan

Cristianstaicu · Published 2018-06-07 · Updated 2020-02-20

CVE-2017-16115 · CVSS v3.1 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: timespan (affected versions not specified)
Description: The timespan module is vulnerable to regular expression denial of service (ReDoS). The issue causes significant amplification: 50,000 characters of untrusted user input block the event loop for around 10 seconds.
Recommendations: For all affected versions, consider using a functionally equivalent alternative package as a replacement for timespan. As a temporary workaround, ensure that user input is not being passed into timespan, or drastically reduce the maximum length of such user input, limiting it to 150 characters or less.
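The two measures the recommendations describe, capping untrusted input before it reaches the parser and replacing the regular-expression parser with a functionally equivalent alternative, shown together as an added example. This is not code from the advisory or from the timespan module: the duration grammar ("1h 30m 15s"), the unit table, the function names and the use of the 150-character figure as a default are assumptions for illustration, and the parser is a single-pass tokenizer rather than timespan's regular expression.

```javascript
// Added example, not code from the advisory or the timespan package.
// Shows the two defensive measures the advisory recommends:
//  1. reject untrusted input that exceeds a small length cap before any
//     parsing happens (the advisory's interim workaround: 150 characters);
//  2. parse durations with a single-pass tokenizer whose cost is linear in
//     the input length, so no regular-expression backtracking is reachable.
// The duration grammar ("1h 30m 15s"), the unit table and all function names
// are assumptions for illustration, not timespan's actual API or format.

const MAX_INPUT_LENGTH = 150; // cap taken from the advisory's workaround

// A Map rather than a plain object, so a unit such as "constructor" cannot
// resolve to an inherited property.
const UNIT_MS = new Map([
  ['ms', 1],
  ['s', 1000],
  ['m', 60 * 1000],
  ['h', 60 * 60 * 1000],
  ['d', 24 * 60 * 60 * 1000],
]);

// Step 1: cheap pre-check that runs before the parser sees the value.
function checkInputLength(input, maxLength = MAX_INPUT_LENGTH) {
  if (typeof input !== 'string') {
    return { ok: false, reason: 'input is not a string' };
  }
  if (input.length > maxLength) {
    return { ok: false, reason: `input exceeds ${maxLength} characters` };
  }
  return { ok: true };
}

// Step 2: linear-time parser. Each character is visited once; there is no
// regular expression and therefore no backtracking. Throws on malformed input.
function parseDurationMs(input) {
  let total = 0;
  let i = 0;
  const n = input.length;
  while (i < n) {
    // skip blanks between "<number><unit>" groups
    while (i < n && (input[i] === ' ' || input[i] === '\t')) i += 1;
    if (i >= n) break;

    // number: one or more ASCII digits
    let start = i;
    while (i < n && input[i] >= '0' && input[i] <= '9') i += 1;
    if (i === start) throw new Error(`expected a digit at position ${start}`);
    const value = Number(input.slice(start, i));
    if (!Number.isSafeInteger(value)) throw new Error(`number too large at position ${start}`);

    // unit: one or more lowercase letters, must be in the table
    start = i;
    while (i < n && input[i] >= 'a' && input[i] <= 'z') i += 1;
    const unit = input.slice(start, i);
    if (!UNIT_MS.has(unit)) throw new Error(`unknown unit "${unit}" at position ${start}`);

    total += value * UNIT_MS.get(unit);
  }
  return total;
}

// Combined entry point: guard first, then parse. Never throws; returns a
// result object so callers can log rejected input without catching exceptions.
function safeParseDuration(input, maxLength = MAX_INPUT_LENGTH) {
  const check = checkInputLength(input, maxLength);
  if (!check.ok) return check;
  try {
    return { ok: true, ms: parseDurationMs(input) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Stand-alone demonstration with constructed inputs.
console.log(safeParseDuration('1h 30m'));          // ms: 5400000
console.log(safeParseDuration('1'.repeat(50000))); // rejected by the length cap
console.log(safeParseDuration('5constructor'));    // rejected: unknown unit
```

The length check is deliberately separate from the parser so it can be applied at the request boundary (for example in request validation) even while the original package is still in use; the parser shows what "functionally equivalent alternative" should mean here, namely a cost that grows linearly with input length regardless of content.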

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2017-16115
GHSA-F523-2F5J-GFCG

Affected Products

Timespan