Lucene search
Cristian-Alexandru StaicuNODEJS:534HistorySep 25, 2017 - 6:55 p.m.
Regular Expression Denial of Service
2017-09-2518:55:55
Cristian-Alexandru Staicu
www.npmjs.com
27
0.003 Low
EPSS
Percentile
69.5%
Overview
Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.
As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.
Recommendation
Version 2.x.x: Update to version 2.6.9 or later.
Version 3.x.x: Update to version 3.1.0 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| debug | le | 2.6.8 || >= 3.0.0 <= 3.0.1 |
Related
cve
cve
CVE-2017-16137
2018-06-07 02:29:03
nessus
nessus
RHEL 8 : nodejs-debug (Unpatched Vulnerability)
2024-05-11 00:00:00
osv
osv
CVE-2017-16137
2018-06-07 02:29:03
Regular Expression Denial of Service in debug
2018-08-09 20:18:07
github
github
Regular Expression Denial of Service in debug
2018-08-09 20:18:07
debiancve
debiancve
CVE-2017-16137
2018-06-07 02:29:03
redhatcve
redhatcve
CVE-2017-16137
2018-06-07 08:49:05
nvd
nvd
CVE-2017-16137
2018-06-07 02:29:03
prion
prion
Input validation
2018-06-07 02:29:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2017-09-18 06:28:13
cvelist
cvelist
CVE-2017-16137
2018-04-26 00:00:00
ubuntucve
ubuntucve
CVE-2017-16137
2018-06-07 00:00:00
ibm
ibm
redhat
redhat