Affected versions of `debug` are vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter.
Because it takes 50,000 characters to block the event loop for 2 seconds, this issue is rated low severity.
Version 2.x.x: Update to version 2.6.9 or later.
Version 3.x.x: Update to version 3.1.0 or later.
CPE

Name | Operator | Version |
---|---|---|
debug | le | 2.6.8 \|\| >= 3.0.0 <= 3.0.1 |