NodeJS/debug/1.0.4


Lightweight debugging utility for Node.js and the browser

https://www.npmjs.com/package/debug
MIT

2 Security Vulnerabilities

debug Inefficient Regular Expression Complexity vulnerability

Published date: 2023-01-09T12:30:19Z
CVE: CVE-2017-20165

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. It affects the function useColors in the file src/node.js. Manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 addresses this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. Upgrading the affected component is recommended. The identifier VDB-217665 was assigned to this vulnerability. The patch has been backported to the 2.6.x branch in version 2.6.9.

Affected versions: ["3.0.0", "3.0.1", "0.0.1", "0.1.0", "0.2.0", "0.3.0", "0.4.0", "0.4.1", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.8.0", "0.8.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "2.0.0", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0", "2.3.0", "2.3.1", "2.3.2", "2.3.3", "2.4.0", "2.4.1", "2.4.2", "2.4.3", "2.4.4", "2.4.5", "2.5.0", "2.5.1", "2.5.2", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "1.0.5"]
Secure versions: [2.6.9, 3.1.0, 4.3.1, 3.2.7, 4.3.2, 4.3.3, 4.3.4]
Recommendation: Update to version 4.3.4.

Regular Expression Denial of Service in debug

Published date: 2018-08-09T20:18:07Z
CVE: CVE-2017-16137

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter.

Because it takes 50,000 characters to block the event loop for 2 seconds, this is a low severity issue.

The issue was later reintroduced in version v3.2.0, and then patched again in versions 3.2.7 and 4.3.1.

Recommendation

Version 2.x.x: Update to version 2.6.9 or later.
Version 3.1.x: Update to version 3.1.0 or later.
Version 3.2.x: Update to version 3.2.7 or later.
Version 4.x.x: Update to version 4.3.1 or later.

Affected versions: ["4.0.0", "4.0.1", "4.1.0", "4.1.1", "4.2.0", "4.3.0", "3.2.0", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.0.0", "3.0.1", "0.0.1", "0.1.0", "0.2.0", "0.3.0", "0.4.0", "0.4.1", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.8.0", "0.8.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "2.0.0", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0", "2.3.0", "2.3.1", "2.3.2", "2.3.3", "2.4.0", "2.4.1", "2.4.2", "2.4.3", "2.4.4", "2.4.5", "2.5.0", "2.5.1", "2.5.2", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "1.0.5"]
Secure versions: [2.6.9, 3.1.0, 4.3.1, 3.2.7, 4.3.2, 4.3.3, 4.3.4]
Recommendation: Update to version 4.3.4.

71 Other Versions

Version License Security Released
4.3.4 MIT 2022-03-17 - 13:38 about 2 years
4.3.3 MIT 2021-11-27 - 13:14 over 2 years
4.3.2 MIT 2020-12-09 - 15:36 over 3 years
4.3.1 MIT 2020-11-19 - 12:23 over 3 years
4.3.0 MIT 1 2020-09-19 - 08:36 over 3 years
4.2.0 MIT 1 2020-05-19 - 09:51 almost 4 years
4.1.1 MIT 1 2018-12-22 - 16:40 over 5 years
4.1.0 MIT 1 2018-10-08 - 17:51 over 5 years
4.0.1 MIT 1 2018-09-11 - 23:16 over 5 years
4.0.0 MIT 1 2018-09-11 - 08:58 over 5 years
3.2.7 MIT 2020-11-19 - 12:57 over 3 years
3.2.6 MIT 1 2018-10-10 - 06:48 over 5 years
3.2.5 MIT 1 2018-09-11 - 23:12 over 5 years
3.2.4 MIT 1 2018-09-11 - 09:12 over 5 years
3.2.3 MIT 1 2018-09-11 - 08:30 over 5 years
3.2.2 MIT 1 2018-09-11 - 07:50 over 5 years
3.2.1 MIT 1 2018-09-11 - 06:28 over 5 years
3.2.0 MIT 1 2018-09-11 - 06:19 over 5 years
3.1.0 MIT 2017-09-26 - 19:13 over 6 years
3.0.1 MIT 2 2017-08-24 - 19:44 over 6 years
3.0.0 MIT 2 2017-08-08 - 21:55 over 6 years
2.6.9 MIT 2017-09-22 - 13:32 over 6 years
2.6.8 MIT 2 2017-05-18 - 20:07 almost 7 years
2.6.7 MIT 2 2017-05-17 - 04:33 almost 7 years
2.6.6 MIT 2 2017-04-27 - 23:35 almost 7 years
2.6.5 MIT 2 2017-04-27 - 16:04 almost 7 years
2.6.4 MIT 2 2017-04-20 - 18:08 almost 7 years
2.6.3 MIT 2 2017-03-14 - 03:50 about 7 years
2.6.2 MIT 2 2017-03-10 - 19:44 about 7 years
2.6.1 MIT 2 2017-02-10 - 19:00 about 7 years
2.6.0 MIT 2 2016-12-29 - 05:50 about 7 years
2.5.2 MIT 2 2016-12-26 - 02:39 over 7 years
2.5.1 MIT 2 2016-12-21 - 05:33 over 7 years
2.5.0 MIT 2 2016-12-21 - 05:03 over 7 years
2.4.5 MIT 2 2016-12-18 - 07:13 over 7 years
2.4.4 MIT 2 2016-12-15 - 01:27 over 7 years
2.4.3 MIT 2 2016-12-14 - 21:50 over 7 years
2.4.2 MIT 2 2016-12-14 - 19:40 over 7 years
2.4.1 MIT 2 2016-12-14 - 07:25 over 7 years
2.4.0 MIT 2 2016-12-14 - 06:52 over 7 years
2.3.3 MIT 2 2016-11-19 - 19:59 over 7 years
2.3.2 MIT 2 2016-11-10 - 06:30 over 7 years
2.3.1 MIT 2 2016-11-10 - 00:14 over 7 years
2.3.0 MIT 2 2016-11-07 - 17:40 over 7 years
2.2.0 MIT 2 2015-05-10 - 07:21 almost 9 years
2.1.3 MIT 2 2015-03-13 - 18:50 about 9 years
2.1.2 MIT 2 2015-03-02 - 01:39 about 9 years
2.1.1 MIT 2 2014-12-29 - 21:51 about 9 years
2.1.0 MIT 2 2014-10-15 - 21:58 over 9 years
2.0.0 MIT 2 2014-09-01 - 07:21 over 9 years
1.0.5 MIT 2 2017-06-15 - 00:14 almost 7 years
1.0.4 MIT 2 2014-07-15 - 23:16 over 9 years
1.0.3 MIT 2 2014-07-09 - 16:16 over 9 years
1.0.2 MIT 2 2014-06-11 - 00:50 almost 10 years
1.0.1 MIT 2 2014-06-06 - 20:23 almost 10 years
1.0.0 MIT 2 2014-06-05 - 03:55 almost 10 years
0.8.1 MIT 2 2014-04-15 - 02:04 almost 10 years
0.8.0 MIT 2 2014-03-30 - 16:00 almost 10 years
0.7.4 MIT 2 2013-11-13 - 20:08 over 10 years
0.7.3 MIT 2 2013-10-31 - 00:51 over 10 years
0.7.2 MIT 2 2013-02-06 - 23:40 about 11 years
0.7.1 MIT 2 2013-02-06 - 21:53 about 11 years
0.7.0 MIT 2 2012-07-09 - 19:11 over 11 years
0.6.0 MIT 2 2012-03-16 - 21:58 about 12 years
0.5.0 MIT 2 2012-02-03 - 00:56 about 12 years
0.4.1 MIT 2 2012-02-02 - 19:54 about 12 years
0.4.0 MIT 2 2012-02-01 - 21:20 about 12 years
0.3.0 MIT 2 2012-01-27 - 00:37 about 12 years
0.2.0 MIT 2 2012-01-22 - 18:26 about 12 years
0.1.0 MIT 2 2011-12-02 - 23:16 over 12 years
0.0.1 MIT 2 2011-11-29 - 01:11 over 12 years