NodeJS/debug/4.2.0
Lightweight debugging utility for Node.js and the browser
https://www.npmjs.com/package/debug
MIT
1 Security Vulnerability
Regular Expression Denial of Service in debug
Published date: 2018-08-09T20:18:07Z
CVE: CVE-2017-16137
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2017-16137
- https://github.com/advisories/GHSA-gxpj-cx7g-858c
- https://github.com/visionmedia/debug/issues/501
- https://github.com/visionmedia/debug/pull/504
- https://www.npmjs.com/advisories/534
- https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E
- https://nodesecurity.io/advisories/534
- https://github.com/debug-js/debug/issues/797
- https://github.com/debug-js/debug/commit/4e2150207c568adb9ead8f4c4528016081c88020
- https://github.com/debug-js/debug/commit/71169065b5262f9858ac78cc0b688c84a438f290
- https://github.com/debug-js/debug/commit/b6d12fdbc63b483e5c969da33ea6adc09946b5ac
- https://github.com/debug-js/debug/commit/f53962e944a87e6ca9bb622a2a12dffc22a9bb5a
Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter.
As it takes 50,000 characters to block the event loop for 2 seconds, this is a low severity issue.
This was later re-introduced in version 3.2.0, and then repatched in versions 3.2.7 and 4.3.1.
Recommendation
- Version 2.x.x: Update to version 2.6.9 or later.
- Version 3.1.x: Update to version 3.1.0 or later.
- Version 3.2.x: Update to version 3.2.7 or later.
- Version 4.x.x: Update to version 4.3.1 or later.
Affected versions:
["4.0.0", "4.0.1", "4.1.0", "4.1.1", "4.2.0", "4.3.0", "3.2.0", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.0.0", "3.0.1", "0.0.1", "0.1.0", "0.2.0", "0.3.0", "0.4.0", "0.4.1", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.8.0", "0.8.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "2.0.0", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.2.0", "2.3.0", "2.3.1", "2.3.2", "2.3.3", "2.4.0", "2.4.1", "2.4.2", "2.4.3", "2.4.4", "2.4.5", "2.5.0", "2.5.1", "2.5.2", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "1.0.5"]
Secure versions:
[2.6.9, 3.1.0, 4.3.1, 3.2.7, 4.3.2, 4.3.3, 4.3.4]
Recommendation:
Update to version 4.3.4.
71 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
0.0.1 | MIT | 2 | 2011-11-29 - 01:11 | over 12 years |
0.1.0 | MIT | 2 | 2011-12-02 - 23:16 | over 12 years |
0.2.0 | MIT | 2 | 2012-01-22 - 18:26 | over 12 years |
0.3.0 | MIT | 2 | 2012-01-27 - 00:37 | over 12 years |
0.4.0 | MIT | 2 | 2012-02-01 - 21:20 | over 12 years |
0.4.1 | MIT | 2 | 2012-02-02 - 19:54 | about 12 years |
0.5.0 | MIT | 2 | 2012-02-03 - 00:56 | about 12 years |
0.6.0 | MIT | 2 | 2012-03-16 - 21:58 | about 12 years |
0.7.0 | MIT | 2 | 2012-07-09 - 19:11 | almost 12 years |
0.7.1 | MIT | 2 | 2013-02-06 - 21:53 | about 11 years |
0.7.2 | MIT | 2 | 2013-02-06 - 23:40 | about 11 years |
0.7.3 | MIT | 2 | 2013-10-31 - 00:51 | over 10 years |
0.7.4 | MIT | 2 | 2013-11-13 - 20:08 | over 10 years |
0.8.0 | MIT | 2 | 2014-03-30 - 16:00 | about 10 years |
0.8.1 | MIT | 2 | 2014-04-15 - 02:04 | about 10 years |
1.0.0 | MIT | 2 | 2014-06-05 - 03:55 | almost 10 years |
1.0.1 | MIT | 2 | 2014-06-06 - 20:23 | almost 10 years |
1.0.2 | MIT | 2 | 2014-06-11 - 00:50 | almost 10 years |
1.0.3 | MIT | 2 | 2014-07-09 - 16:16 | almost 10 years |
1.0.4 | MIT | 2 | 2014-07-15 - 23:16 | almost 10 years |
2.0.0 | MIT | 2 | 2014-09-01 - 07:21 | over 9 years |
2.1.0 | MIT | 2 | 2014-10-15 - 21:58 | over 9 years |
2.1.1 | MIT | 2 | 2014-12-29 - 21:51 | over 9 years |
2.1.2 | MIT | 2 | 2015-03-02 - 01:39 | about 9 years |
2.1.3 | MIT | 2 | 2015-03-13 - 18:50 | about 9 years |
2.2.0 | MIT | 2 | 2015-05-10 - 07:21 | almost 9 years |
2.3.0 | MIT | 2 | 2016-11-07 - 17:40 | over 7 years |
2.3.1 | MIT | 2 | 2016-11-10 - 00:14 | over 7 years |
2.3.2 | MIT | 2 | 2016-11-10 - 06:30 | over 7 years |
2.3.3 | MIT | 2 | 2016-11-19 - 19:59 | over 7 years |
2.4.0 | MIT | 2 | 2016-12-14 - 06:52 | over 7 years |
2.4.1 | MIT | 2 | 2016-12-14 - 07:25 | over 7 years |
2.4.2 | MIT | 2 | 2016-12-14 - 19:40 | over 7 years |
2.4.3 | MIT | 2 | 2016-12-14 - 21:50 | over 7 years |
2.4.4 | MIT | 2 | 2016-12-15 - 01:27 | over 7 years |
2.4.5 | MIT | 2 | 2016-12-18 - 07:13 | over 7 years |
2.5.0 | MIT | 2 | 2016-12-21 - 05:03 | over 7 years |
2.5.1 | MIT | 2 | 2016-12-21 - 05:33 | over 7 years |
2.5.2 | MIT | 2 | 2016-12-26 - 02:39 | over 7 years |
2.6.0 | MIT | 2 | 2016-12-29 - 05:50 | over 7 years |
2.6.1 | MIT | 2 | 2017-02-10 - 19:00 | about 7 years |
2.6.2 | MIT | 2 | 2017-03-10 - 19:44 | about 7 years |
2.6.3 | MIT | 2 | 2017-03-14 - 03:50 | about 7 years |
2.6.4 | MIT | 2 | 2017-04-20 - 18:08 | about 7 years |
2.6.5 | MIT | 2 | 2017-04-27 - 16:04 | about 7 years |
2.6.6 | MIT | 2 | 2017-04-27 - 23:35 | about 7 years |
2.6.7 | MIT | 2 | 2017-05-17 - 04:33 | almost 7 years |
2.6.8 | MIT | 2 | 2017-05-18 - 20:07 | almost 7 years |
1.0.5 | MIT | 2 | 2017-06-15 - 00:14 | almost 7 years |
3.0.0 | MIT | 2 | 2017-08-08 - 21:55 | over 6 years |
3.0.1 | MIT | 2 | 2017-08-24 - 19:44 | over 6 years |
3.2.1 | MIT | 1 | 2018-09-11 - 06:28 | over 5 years |
3.2.2 | MIT | 1 | 2018-09-11 - 07:50 | over 5 years |
3.2.0 | MIT | 1 | 2018-09-11 - 06:19 | over 5 years |
4.3.0 | MIT | 1 | 2020-09-19 - 08:36 | over 3 years |
4.2.0 | MIT | 1 | 2020-05-19 - 09:51 | almost 4 years |
3.2.3 | MIT | 1 | 2018-09-11 - 08:30 | over 5 years |
4.0.0 | MIT | 1 | 2018-09-11 - 08:58 | over 5 years |
3.2.4 | MIT | 1 | 2018-09-11 - 09:12 | over 5 years |
3.2.5 | MIT | 1 | 2018-09-11 - 23:12 | over 5 years |
4.0.1 | MIT | 1 | 2018-09-11 - 23:16 | over 5 years |
4.1.0 | MIT | 1 | 2018-10-08 - 17:51 | over 5 years |
3.2.6 | MIT | 1 | 2018-10-10 - 06:48 | over 5 years |
4.1.1 | MIT | 1 | 2018-12-22 - 16:40 | over 5 years |
2.6.9 | MIT | | 2017-09-22 - 13:32 | over 6 years |
3.1.0 | MIT | | 2017-09-26 - 19:13 | over 6 years |
4.3.1 | MIT | | 2020-11-19 - 12:23 | over 3 years |
3.2.7 | MIT | | 2020-11-19 - 12:57 | over 3 years |
4.3.2 | MIT | | 2020-12-09 - 15:36 | over 3 years |
4.3.3 | MIT | | 2021-11-27 - 13:14 | over 2 years |
4.3.4 | MIT | | 2022-03-17 - 13:38 | about 2 years |