NodeJS/debug/4.2.0

Lightweight debugging utility for Node.js and the browser

https://www.npmjs.com/package/debug
MIT

1 Security Vulnerabilities

Regular Expression Denial of Service in debug

Published date: 2018-08-09T20:18:07Z
CVE: CVE-2017-16137
Links:

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.

As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.

This was later re-introduced in version v3.2.0, and then repatched in versions 3.2.7 and 4.3.1.

Recommendation

Version 2.x.x: Update to version 2.6.9 or later. Version 3.1.x: Update to version 3.1.0 or later. Version 3.2.x: Update to version 3.2.7 or later. Version 4.x.x: Update to version 4.3.1 or later.

Affected versions: ["4.0.0", "4.0.1", "4.1.1", "4.1.0", "4.2.0", "4.3.0", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.0", "3.2.1", "3.2.6", "3.0.0", "3.0.1", "0.1.0", "0.3.0", "0.4.0", "0.6.0", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.3.1", "2.3.3", "2.4.0", "2.4.3", "2.5.1", "2.6.0", "2.6.2", "2.6.7", "1.0.5", "0.0.1", "0.2.0", "0.4.1", "0.5.0", "0.7.2", "0.7.3", "0.7.4", "1.0.4", "2.0.0", "2.2.0", "2.3.0", "2.3.2", "2.4.1", "2.4.2", "2.4.4", "2.4.5", "2.5.0", "2.5.2", "2.6.1", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.8"]
Secure versions: [2.6.9, 3.1.0, 3.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.4.0, 4.4.1]
Recommendation: Update to version 4.4.1.

76 Other Versions

Version License Security Released
4.4.1 MIT 2025-05-13 - 20:56 about 2 months
4.4.0 MIT 2024-12-06 - 12:32 7 months
4.3.7 MIT 2024-09-06 - 00:52 10 months
4.3.6 MIT 2024-07-27 - 09:23 12 months
4.3.5 MIT 2024-05-31 - 11:40 about 1 year
4.3.4 MIT 2022-03-17 - 13:38 over 3 years
4.3.3 MIT 2021-11-27 - 13:14 over 3 years
4.3.2 MIT 2020-12-09 - 15:36 over 4 years
4.3.1 MIT 2020-11-19 - 12:23 over 4 years
4.3.0 MIT 1 2020-09-19 - 08:36 almost 5 years
4.2.0 MIT 1 2020-05-19 - 09:51 about 5 years
4.1.1 MIT 1 2018-12-22 - 16:40 over 6 years
4.1.0 MIT 1 2018-10-08 - 17:51 almost 7 years
4.0.1 MIT 1 2018-09-11 - 23:16 almost 7 years
4.0.0 MIT 1 2018-09-11 - 08:58 almost 7 years
3.2.7 MIT 2020-11-19 - 12:57 over 4 years
3.2.6 MIT 1 2018-10-10 - 06:48 almost 7 years
3.2.5 MIT 1 2018-09-11 - 23:12 almost 7 years
3.2.4 MIT 1 2018-09-11 - 09:12 almost 7 years
3.2.3 MIT 1 2018-09-11 - 08:30 almost 7 years
3.2.2 MIT 1 2018-09-11 - 07:50 almost 7 years
3.2.1 MIT 1 2018-09-11 - 06:28 almost 7 years
3.2.0 MIT 1 2018-09-11 - 06:19 almost 7 years
3.1.0 MIT 2017-09-26 - 19:13 almost 8 years
3.0.1 MIT 2 2017-08-24 - 19:44 almost 8 years
3.0.0 MIT 2 2017-08-08 - 21:55 almost 8 years
2.6.9 MIT 2017-09-22 - 13:32 almost 8 years
2.6.8 MIT 2 2017-05-18 - 20:07 about 8 years
2.6.7 MIT 2 2017-05-17 - 04:33 about 8 years
2.6.6 MIT 2 2017-04-27 - 23:35 about 8 years
2.6.5 MIT 2 2017-04-27 - 16:04 about 8 years
2.6.4 MIT 2 2017-04-20 - 18:08 about 8 years
2.6.3 MIT 2 2017-03-14 - 03:50 over 8 years
2.6.2 MIT 2 2017-03-10 - 19:44 over 8 years
2.6.1 MIT 2 2017-02-10 - 19:00 over 8 years
2.6.0 MIT 2 2016-12-29 - 05:50 over 8 years
2.5.2 MIT 2 2016-12-26 - 02:39 over 8 years
2.5.1 MIT 2 2016-12-21 - 05:33 over 8 years
2.5.0 MIT 2 2016-12-21 - 05:03 over 8 years
2.4.5 MIT 2 2016-12-18 - 07:13 over 8 years
2.4.4 MIT 2 2016-12-15 - 01:27 over 8 years
2.4.3 MIT 2 2016-12-14 - 21:50 over 8 years
2.4.2 MIT 2 2016-12-14 - 19:40 over 8 years
2.4.1 MIT 2 2016-12-14 - 07:25 over 8 years
2.4.0 MIT 2 2016-12-14 - 06:52 over 8 years
2.3.3 MIT 2 2016-11-19 - 19:59 over 8 years
2.3.2 MIT 2 2016-11-10 - 06:30 over 8 years
2.3.1 MIT 2 2016-11-10 - 00:14 over 8 years
2.3.0 MIT 2 2016-11-07 - 17:40 over 8 years
2.2.0 MIT 2 2015-05-10 - 07:21 about 10 years