Fresh is a module used by the Express.js framework for 'HTTP response freshness testing'. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. References: https://nodesecurity.io/advisories/526 Upstream patch: https://github.com/jshttp/fresh/commit/21a0f0c2a5f447e0d40bc16be0c23fa98a7b46ec
Created nodejs-fresh tracking bugs for this issue: Affects: epel-all [bug 1500258] Affects: fedora-all [bug 1500257]
Created nodejs-fresh tracking bugs for this issue: Affects: openshift-1 [bug 1516714]