NodeJS/debug/3.2.5

Lightweight debugging utility for Node.js and the browser

Repo Link: https://www.npmjs.com/package/debug
License: MIT

1 Security Vulnerabilities

Regular Expression Denial of Service in debug

Published date: 2018-08-09T20:18:07Z

CVE: CVE-2017-16137

Links:

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.

As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.

This was later re-introduced in version v3.2.0, and then repatched in versions 3.2.7 and 4.3.1.

Recommendation

Version 2.x.x: Update to version 2.6.9 or later. Version 3.1.x: Update to version 3.1.0 or later. Version 3.2.x: Update to version 3.2.7 or later. Version 4.x.x: Update to version 4.3.1 or later.

Affected versions: ["4.0.0", "4.0.1", "4.1.1", "4.1.0", "4.2.0", "4.3.0", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.0", "3.2.1", "3.2.6", "3.0.0", "3.0.1", "0.1.0", "0.3.0", "0.4.0", "0.6.0", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.3.1", "2.3.3", "2.4.0", "2.4.3", "2.5.1", "2.6.0", "2.6.2", "2.6.7", "1.0.5", "0.0.1", "0.2.0", "0.4.1", "0.5.0", "0.7.2", "0.7.3", "0.7.4", "1.0.4", "2.0.0", "2.2.0", "2.3.0", "2.3.2", "2.4.1", "2.4.2", "2.4.4", "2.4.5", "2.5.0", "2.5.2", "2.6.1", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.8"]

Secure versions: [2.6.9, 3.1.0, 3.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.4.0, 4.4.1]

Recommendation: Update to version 4.4.1.

76 Other Versions

Version	License	Security	Released
2.1.3	MIT	2	2015-03-13 - 18:50	over 10 years
2.1.2	MIT	2	2015-03-02 - 01:39	over 10 years
2.1.1	MIT	2	2014-12-29 - 21:51	over 10 years
2.1.0	MIT	2	2014-10-15 - 21:58	over 10 years
2.0.0	MIT	2	2014-09-01 - 07:21	almost 11 years
1.0.5	MIT	2	2017-06-15 - 00:14	about 8 years
1.0.4	MIT	2	2014-07-15 - 23:16	almost 11 years
1.0.3	MIT	2	2014-07-09 - 16:16	about 11 years
1.0.2	MIT	2	2014-06-11 - 00:50	about 11 years
1.0.1	MIT	2	2014-06-06 - 20:23	about 11 years
1.0.0	MIT	2	2014-06-05 - 03:55	about 11 years
0.8.1	MIT	2	2014-04-15 - 02:04	about 11 years
0.8.0	MIT	2	2014-03-30 - 16:00	over 11 years
0.7.4	MIT	2	2013-11-13 - 20:08	over 11 years
0.7.3	MIT	2	2013-10-31 - 00:51	over 11 years
0.7.2	MIT	2	2013-02-06 - 23:40	over 12 years
0.7.1	MIT	2	2013-02-06 - 21:53	over 12 years
0.7.0	MIT	2	2012-07-09 - 19:11	about 13 years
0.6.0	MIT	2	2012-03-16 - 21:58	over 13 years
0.5.0	MIT	2	2012-02-03 - 00:56	over 13 years
0.4.1	MIT	2	2012-02-02 - 19:54	over 13 years
0.4.0	MIT	2	2012-02-01 - 21:20	over 13 years
0.3.0	MIT	2	2012-01-27 - 00:37	over 13 years
0.2.0	MIT	2	2012-01-22 - 18:26	over 13 years
0.1.0	MIT	2	2011-12-02 - 23:16	over 13 years
0.0.1	MIT	2	2011-11-29 - 01:11	over 13 years